A starting point to tracking user activity in SAS installations is to implement SAS's APM functionality. Here is a useful link for this: https://support.sas.com/kb/68/709.html

You should also search the SAS documentation for APM to learn more.

How users authenticate is configured in the metadata server through the authentication domain(s). The default authentication domain is usually configured to check against the underlying operating system's authentication system. When users are configured to such an AD, SAS user == OS user. Different AD's can use other sources, e.g. LDAP-based.

When users authenticate to a SAS service is recorded in the metadata server logs.

Hi there @bmsampath ,

what you are asking is quite extensive. One could literally write a book about those topics. I would initially like to point you to the SAS documentation (wondering which documents you found so far), else SAS Professional Services or a trusted technological partner. (And, as side topic, I would also highly encourage your company to upgrade from M6 to latest maintenance in M9 with the latest hotfixes and security patches). 

I will try to address your questions but providing some perspective, which might not be what you can find on documentation.

The web applications provided by SAS are no different from other web applications that are built in Java. What you need to keep in mind is:

- Your web app servers are tomcat alike. And they serve basically J2EE applications.

- You have an apache load balancer.

- Authentication and URL re-directions will be mostly governed by the SAS Metadata in one way or another.

- As any java web application, Log4J (now v2) rules your logging level, what informs, where and the rolling of the logs, based on the java libraries you enable and at what level (INFO, WARN, ERROR, DEBUG, TRACE)

- One of the applications is the SAS Environment Manager, which acts like an in-house data collection of your SAS system (however should never be your main monitoring tool, since it depends on several SAS services to be healthy and running).

- You could enable the extended monitoring (the so called EMI framework, which includes ACM and APM, as shared by @SASKiwi ) for SAS Environment Manager. This is a collection of scripts which will extend the level of information of your logs, and will add reports (and Stored Processes reports) and services and metrics being collected. - if you enable this, you need to set some cleaning of your EMI database in postgres, to ensure your system won't collapse of the amount of data collected.

If you manage to understand those foundations, you can understand all you need towards monitoring and auditing your SAS system, specially your SAS Web Applications. I mean it. Any web administrator or security expert based on Java web apps should be able to follow up and provide advice. 

Indeed, SAS 9 is not the same as SAS Viya. There are many differences and improvements in SAS Viya towards auditing and monitoring, and make IT standards even more visible. Listing those differences could take a while.

I would like to point you to:

• SAS Intelligence Platform: Overview
• SAS Intelligence Platform: System Administration Guide
• SAS Intelligence Platform: Security Administration Guide
• SAS Intelligence Platform: Middle-Tier Administration Guide

Thanks everyone for your response. 🙂 I just came to know we have a web tool called "web admin console" to make changes to logging levels. I am making an attempt to change the logging levels for SAS VA Hub. I will update you if I see any changes in the log info after making this update. 🙂