cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
SASJR1
Obsidian | Level 7 SASJR1
Obsidian | Level 7

user system audit sas viya 3.5

Posted 11-20-2023 07:07 AM (673 views)

The System_data.Audit is usually generated from system logs that track user actions and system events. It's used to monitor user activity within a system. However, there might be cases where all user actions aren't showing up in the audit data, especially concerning reports visited in the last 7 days.

To ensure the audit data is complete and accurate, it's possible to compare the original system logs directly with the information in the audit dataset. This helps confirm if there's any missing data when moving from the logs to the audit dataset.

For instance, we can specifically check if there's more detailed information available in the original logs for user Mike that might not have made it into the System_data.Audit table. This comparison can help identify any gaps or discrepancies in the audit data, making sure nothing important gets lost or overlooked.

0 Likes
Reply
1 REPLY 1
ronf_sas
SAS Employee ronf_sas
SAS Employee

Re: user system audit sas viya 3.5

Posted 11-22-2023 02:23 PM (586 views)  |   In reply to SASJR1

Hi.  Thanks for sharing.  I wanted to point out one clarification.  The data in the SystemData.AUDIT table does not come from system or application logs.  That data comes from audit records that are stored in the SAS Infrastructure Data Server (PostgreSQL database).  When a user performs some action against a service, that service might create an audit record for the action.  The audit record might be recorded in the database by the audit microservice.  A job runs every two hours to extract the audit records from the database and load them into SystemData.AUDIT.  

 

As for the example where audit data about reports being read not showing up, that is because, by default, the audit microservice does not record report "read" actions.  The reason for this is due to the volume of audit records that can be generated. 

 

More information about the auditing can be found here:  SAS Help Center: Auditing: Overview

Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎11-20-2023 07:07 AM
  • 674 views
  • 2 likes
  • 2 in conversation