In this message, I'd like to introduce a way to get last SAS logins of users and clients from the log file of SAS Metadata Server, the output looks like UNIX command "last" or "lastb". Generally, there are many ways and tools to get the login history, for example, SAS Environment Manager which can provide more extended and customized information. But some of the tools is not free. So, today let's talk a "home-made" solution to get the SAS login history.
Before that, we can use some background knowledge. For SAS metadata server, each of the login attempts will be recorded to SAS Metadata Server log file, which is located at <SAS CONFIG DIR>/Lev1/SASMeta/MetadataServer/Logs. The login attempts can be initiated from SAS Clients(for example SAS Enterprise Guide) or SAS batch jobs, which try to connect to SAS Metadata Sever. In each attempts, by default, the following information will be displayed:
Successful login:
2016-04-15T10:09:46,586 INFO [00183402] :testuser1 - New client connection (13015) accepted from server port 8591 for user sasuser1. Encryption level is Credentials using encryption algorithm SASProprietary. Peer IP address and port are [::ffff:192.168.6.26]:49254 for APPNAME=SAS Enterprise Guide.
Unsuccessful login:
2016-05-20T12:05:52,248 WARN [00009359] :sas - New client connection (179) rejected from server port 8561 for user testuser2. Peer IP address and port are [::ffff:192.168.46.70]:52769 for APPNAME=SAS Enterprise Guide.
And, the log file naming policy is defined as "SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log".
Within the log file, the log entries are defined in configuration file <SAS CONFIG DIR>/Lev1/SASMeta/MetadataServer/logconfig.xml as follow:
<param name="ConversionPattern" value="%d %-5p [%t] %X{Client.ID}:%u - %m"/>
And the description of relevant parameters are listed as follows:
%d
Reports the date of the log event.
For the ConversionPattern parameter, the ISO8601 format, which is represented as yyyy-MM-dd HH:mm:ss,SSS
For the FileNamePattern parameter, yyyy-MM-dd.
%-5p
Reports the level of the log event.
Here are the supported levels:
• TRACE
• DEBUG
• INFO
• WARN
• ERROR
• FATAL
%t
Reports the identifier of the thread that generated the log event.
%X{Client.ID}
Reports the connection ID that is associated with the connecting client.
%u
Reports the client identity that is associated with the current thread or task.
%m
Writes the messages that are associated with the log event.
According to the log files, we can start extracting the last logins. Below are some tips:
• A "accepted" entry means successful login, and a "rejected" entry means unsuccessful one, not a surprise. 🙂
• The log entry also includes information of the SAS clients, for example, IP address, port number, and SAS client name.
• Be aware of the escape letters in log entries, for example, "/" which can cause some trouble if it follows "n" or "t".
After you understand the background knowledge, the extraction is mainly regarding character processing. You can easily get the information from the log file as you need.
Furthermore, you can also customize the configuration file (logconfig.xml) to define your own formats of the log file to get more information and make the extraction easier.
My team used the Perl and Shell scripting to handle the character processing.
If you'd like to know more how we do it, just feel free to let me know.
Reference: http://support.sas.com/documentation/cdl/en/logug/67485/PDF/default/logug.pdf
Best regards
Edward Jin
It's great to hear that it helps. Thanks. 🙂
Could you please provide the complete code.
Try this:
data metadata_log (keep=timestamp username success);
infile in truncover;
length
infile_line $200
timestamp 8
type $10
username $32
;
format timestamp e8601dt23.3;
input infile_line $200.;
type = scan(infile_line,2,' ');
select (type);
when ('INFO') do;
timestamp = input(substr(infile_line,1,23),e8601dt23.);
if index(infile_line,'New client connection')
then do;
position = indexw(infile_line,'user');
excerpt = substr(infile_line,position + 5);
username = scan(excerpt,1,'.');
success = 'Y';
output metadata_log;
end;
end;
when ('WARN') do;
timestamp = input(substr(infile_line,1,23),e8601dt23.);
if index(infile_line,'New client connection')
then do;
position = indexw(infile_line,'user');
excerpt = substr(infile_line,position + 5);
username = scan(excerpt,1,'.');
success = 'N';
output metadata_log;
end;
end;
otherwise;
end;
run;
Fileref "in" needs to point to your metadata log file(s). The code retrieves successful and non-successful attempts to connect to the metadata server.
Thank you!! That worked!
Hi, its not working me. Can you
@amuktha wrote:Thank you!! That worked!
please let me know what will be value of IN ?
"in" is a file reference that points to the log file.
Always supply the absolute path for the file, starting at root.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.