EdwardJin
Obsidian | Level 7

In this message, I'd like to introduce a way to get the last SAS logins of users and clients from the log file of the SAS Metadata Server; the output looks like that of the UNIX command "last" or "lastb". Generally, there are many ways and tools to get the login history, for example SAS Environment Manager, which can provide more extended and customized information. But some of the tools are not free. So today let's talk about a "home-made" solution to get the SAS login history.


Before that, we can use some background knowledge. For the SAS Metadata Server, each login attempt is recorded in the SAS Metadata Server log file, which is located at <SAS CONFIG DIR>/Lev1/SASMeta/MetadataServer/Logs. The login attempts can be initiated from SAS clients (for example SAS Enterprise Guide) or SAS batch jobs, which try to connect to the SAS Metadata Server. For each attempt, by default, the following information will be displayed:

Successful login: 

 

2016-04-15T10:09:46,586 INFO  [00183402] :testuser1 - New client connection (13015) accepted from server port 8591 for user sasuser1. Encryption level is Credentials using encryption algorithm SASProprietary. Peer IP address and port are [::ffff:192.168.6.26]:49254 for APPNAME=SAS Enterprise Guide.

Unsuccessful login: 

 

2016-05-20T12:05:52,248 WARN  [00009359] :sas - New client connection (179) rejected from server port 8561 for user testuser2. Peer IP address and port are [::ffff:192.168.46.70]:52769 for APPNAME=SAS Enterprise Guide. 

And, the log file naming policy is defined as "SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log".

 

Within the log file, the log entries are defined in the configuration file <SAS CONFIG DIR>/Lev1/SASMeta/MetadataServer/logconfig.xml as follows:
<param name="ConversionPattern" value="%d %-5p [%t] %X{Client.ID}:%u - %m"/>

 

The descriptions of the relevant parameters are listed as follows:

%d
Reports the date of the log event.
For the ConversionPattern parameter, the ISO8601 format, which is represented as yyyy-MM-dd HH:mm:ss,SSS
For the FileNamePattern parameter, yyyy-MM-dd.


%-5p
Reports the level of the log event.
Here are the supported levels:
• TRACE
• DEBUG
• INFO
• WARN
• ERROR
• FATAL


%t
Reports the identifier of the thread that generated the log event.


%X{Client.ID}
Reports the connection ID that is associated with the connecting client.


%u
Reports the client identity that is associated with the current thread or task.


%m
Writes the messages that are associated with the log event. 

 

According to the log files, we can start extracting the last logins. Below are some tips:
• An "accepted" entry means a successful login, and a "rejected" entry means an unsuccessful one, not a surprise. 🙂
• The log entry also includes information of the SAS clients, for example, IP address, port number, and SAS client name.
• Be aware of the escape letters in log entries, for example, "/" which can cause some trouble if it follows "n" or "t".

After you understand the background knowledge, the extraction is mainly a matter of character processing. You can easily get the information you need from the log file.

 

Furthermore, you can also customize the configuration file (logconfig.xml) to define your own formats of the log file to get more information and make the extraction easier.

 

My team used Perl and shell scripting to handle the character processing.
If you'd like to know more about how we do it, just feel free to let me know.

 


Reference: http://support.sas.com/documentation/cdl/en/logug/67485/PDF/default/logug.pdf

 


Best regards
Edward Jin
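
The extraction described in this post, sketched in Python as an added example (it is not part of the original post and not the Perl/shell scripts the author's team used). It assumes the default ConversionPattern shown above and the message wording of the two sample entries; the function names are made up for the illustration, and it goes slightly beyond the post by also counting rejected attempts per user and peer address.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Lines 1-2 are the entries quoted in the post; lines 3-5 are constructed for this demo.
SAMPLE_LOG = """\
2016-04-15T10:09:46,586 INFO  [00183402] :testuser1 - New client connection (13015) accepted from server port 8591 for user sasuser1. Encryption level is Credentials using encryption algorithm SASProprietary. Peer IP address and port are [::ffff:192.168.6.26]:49254 for APPNAME=SAS Enterprise Guide.
2016-05-20T12:05:52,248 WARN  [00009359] :sas - New client connection (179) rejected from server port 8561 for user testuser2. Peer IP address and port are [::ffff:192.168.46.70]:52769 for APPNAME=SAS Enterprise Guide. 
2016-05-20T12:06:10,101 WARN  [00009360] :sas - New client connection (180) rejected from server port 8561 for user testuser2. Peer IP address and port are [::ffff:192.168.46.70]:52770 for APPNAME=SAS Enterprise Guide.
2016-05-21T08:30:00,000 INFO  [00009400] :sas - New client connection (181) accepted from server port 8561 for user first.last. Encryption level is Credentials using encryption algorithm SASProprietary. Peer IP address and port are [::ffff:192.168.6.30]:50100 for APPNAME=SAS Enterprise Guide.
2016-05-21T08:30:01,500 INFO  [00009401] :sas - Client connection 181 for user first.last closed.
"""

# Assumes the default layout "%d %-5p [%t] %X{Client.ID}:%u - %m". The user name ends at
# the first dot that is followed by whitespace, so a name such as "first.last" survives.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d[T ]\d\d:\d\d:\d\d,\d{3})\s+[A-Z]+\s+\[[^\]]*\]\s.*? - "
    r"New client connection \(\d+\) (?P<result>accepted|rejected) from server port \d+ "
    r"for user (?P<user>.+?)\.(?:\s|$)")
PEER_RE = re.compile(r"Peer IP address and port are \[(?P<ip>[^\]]+)\]:\d+ for APPNAME=(?P<app>.*?)\.?\s*$")

def parse_logins(text):
    """Return one dict per accepted/rejected connection entry; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        ip = app = "-"
        peer = PEER_RE.search(line)
        if peer:
            addr = ipaddress.ip_address(peer["ip"])  # "::ffff:a.b.c.d" is IPv4-mapped IPv6
            ip = str(getattr(addr, "ipv4_mapped", None) or addr)
            app = peer["app"]
        when = datetime.strptime(m["ts"].replace(" ", "T"), "%Y-%m-%dT%H:%M:%S,%f")
        events.append({"time": when, "user": m["user"], "ip": ip, "app": app,
                       "ok": m["result"] == "accepted"})
    return events

def last_report(events, failed=False):
    """Newest-first rows: like `last` by default, like `lastb` with failed=True."""
    rows = sorted((e for e in events if e["ok"] != failed), key=lambda e: e["time"], reverse=True)
    return [f'{e["user"]:<12} {e["ip"]:<15} {e["time"]:%Y-%m-%d %H:%M:%S}  {e["app"]}'
            for e in rows]

def failures_by_source(events):
    """Count rejected attempts per (user, peer IP) to surface repeated failures."""
    return Counter((e["user"], e["ip"]) for e in events if not e["ok"])
```

To use it on a real log, pass the file's text to `parse_logins()` and print the rows from `last_report(events)` or `last_report(events, failed=True)`.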

9 REPLIES 9
Debi
Fluorite | Level 6
Yes, using a one-line Unix command we can also get these successful user logins. I have also used a similar concept to find out the unique logins to SAS applications in the last n days.
This is pretty helpful. Thanks for sharing the detailed explanation of the logconfig.xml file entries & parameters.
EdwardJin
Obsidian | Level 7

It's great to hear that it helps. Thanks. 🙂

amuktha
Calcite | Level 5

Could you please provide the complete code.

Kurt_Bremser
Super User

Try this:

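/* Read the metadata server log and keep one row per connection attempt. */
data metadata_log (keep=timestamp username success);
infile in truncover;
length
  infile_line $200
  timestamp 8
  type $10
  username $32
;
format timestamp e8601dt23.3;
/* Read the first 200 characters of each log line. */
input infile_line $200.;
/* The second blank-delimited token is the log level (INFO, WARN, ...). */
type = scan(infile_line,2,' ');
select (type);
  /* INFO "New client connection" entries are accepted logins. */
  when ('INFO') do;
    timestamp = input(substr(infile_line,1,23),e8601dt23.);
    if index(infile_line,'New client connection')
    then do;
      /* The user name follows the word "user" and ends at the next period. */
      position = indexw(infile_line,'user');
      excerpt = substr(infile_line,position + 5);
      username = scan(excerpt,1,'.');
      success = 'Y';
      output metadata_log;
    end;
  end;
  /* WARN "New client connection" entries are rejected logins. */
  when ('WARN') do;
    timestamp = input(substr(infile_line,1,23),e8601dt23.);
    if index(infile_line,'New client connection')
    then do;
      position = indexw(infile_line,'user');
      excerpt = substr(infile_line,position + 5);
      username = scan(excerpt,1,'.');
      success = 'N';
      output metadata_log;
    end;
  end;
  /* All other log levels are ignored. */
  otherwise;
end;
run;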

Fileref "in" needs to point to your metadata log file(s). The code retrieves successful and non-successful attempts to connect to the metadata server.

amuktha
Calcite | Level 5

Thank you!! That worked!

sas_royal
Calcite | Level 5

@amuktha wrote:

Thank you!! That worked!

Hi, it's not working for me. Can you please let me know what the value of IN will be?

sas_royal
Calcite | Level 5
So will it be the .log file path, or do we need to mention the path up to the LOG folder?
