11-29-2016 09:46 AM
I'd like to have audit logs of files transferred between the server and the PC by Enterprise Guide users using the Copy Files task. I currently have the Workspace logconfig.xml configured to record job logs but there is nothing being logged regarding file transfers. Any ideas?
11-29-2016 09:53 AM
The workspace server log provides you with an overview of connections made per users, but does not show what you are looking for.
I think that this would rather be an OS monitoring matter than a SAS monitoring.
What version of SAS and OS are you running?
Also, please note that it is not recommended to enable Workspace Server logging, other than for troubleshooting.
Each client connection creates a log file, which means your WS log location will fill up so quickly and eventually will take up
big amounts of space.
11-29-2016 10:31 AM
11-29-2016 02:29 PM
I might be completely wrong, but I believe the Copy Files functionality does not use, necesarily, any SAS service, as the workspace server, but just .NET functionality, or native OS commands, maximum.
Did you already enabled the Logging fuctionality on your EG client? http://support.sas.com/kb/55/414.html
11-30-2016 11:28 AM
I found that the EG logging on the PC does capture the copying but I need to track it on the server and haven't found where that would be logged or what service on the server is providing the transfer. Thanks for the feedback.
2016-11-30 10:55:18,614  INFO SAS.Tasks.CopyFiles.SasFileTransferTask [(null)] - Running Copy Files task: Copy Files
2016-11-30 10:57:21,448  INFO SAS.Tasks.CopyFiles.SasFileTransferTask [(null)] - Checking for existence of target folder: C:/users/kcd01/Downloads
2016-11-30 10:57:21,448  INFO SAS.Tasks.CopyFiles.SasFileTransferTask [(null)] - DOWNLOADING files...
11-30-2016 04:33 PM
I am not sure how to answer your question regarding the loggin from sever side, except the OS itself.
If you need additional in deep detail about EG custom tasks I suggest you to ask @ChrisHemedinger, he is your guru At least he will know where to point you at.
11-30-2016 07:49 PM
As you found, EG app logging captures it -- but I can see that's not good enough for your needs.
Workspace logging would catch it if you look specifically for IOM::FileService events -- that's the SAS Integration Technologies service that's being used. However, it will be a challenge to configure your Workspace logging to catch that without filling up with a whole bunch of other stuff that you don't need/want.
The Copy Files task isn't the only way to pull content from the server to your PC -- it's just the most convenient method. Even if we added some sort of event logging in that task, there would be other gaps in your potential auditing.
Are you trying to track who might be downloading sensitive data? Even if there is a business need for this, you just want to be able to audit/track/follow up?
12-01-2016 06:46 PM
In addition to @ChrisHemedinger's comments I'm wondering what business requirement you are addressing? If it is monitoring the extraction of sensitive data then I'd suggest there are so many ways you can circumvent auditing that I see it as impossible to cover all of the bases. For example just copying and pasting avoids any possible audit.
12-02-2016 11:06 AM
12-02-2016 11:49 AM
I think if you turn up the logging all the way to DEBUG, you might get the FS events. But then you'll want to squelch all of the stuff you don't want, else your log folder will run out of quota really fast...