Audit of users' logons in 9.2

Reply
Regular Learner
Posts: 1

Audit of users' logons in 9.2

hi everybody,

our company wants report about SAS users and theirs last logon time to the SAS.

I was sure that kind info is saved in user Metadata. But it seems that I was wrong.

Next sas code gets attributes and values from user metadata and there is no info about logons:

data _null_;

    length attr $256  value $256;

    rc=1;

    n=1;

    do while(rc>0);

        /* Walk through all the attributes on  object. */

        rc=metadata_getnatr("omsobjSmiley Tongueerson?@Name='sasdemo'", n, attr, value);

        if (rc>0) then put n= attr= value=;

        n=n+1;

    end;

run;

----------------------------------------------------------

OUTPUT:

n=1 attr=UsageVersion value=1000000

n=2 attr=Title value=internal user

n=3 attr=PublicType value=User

n=4 attr=Name value=sasdemo

n=5 attr=MetadataUpdated value=05Feb2014:11:00:30

n=6 attr=MetadataCreated value=30Sep2013:12:11:39

n=7 attr=LockedBy value=

n=8 attr=DisplayName value=SAS Demo User

n=9 attr=Desc value=do not change

n=10 attr=ChangeState value=

n=11 attr=Id value=A53Y8E2X.AN000003

So I am a bit confused. The only way I found - process ObjectSpawner logs. But this looks like bad workaround because logs may be archived or deleted after period ends(year).

Is there anybody has idea about this topic?

Valued Guide
Posts: 3,206

Re: Audit of users' logons in 9.2

Your question is very common as result of regulator guidelines. There will be probably a policy having the roots in ISO/IEC 27002.

In that case the question is SIEM (Security Information Event Monitoring) related. The bad news is SAS is not aware of this  ...

The good news is SAS has a lot to do most of it. The ugly is you have to do a lot of work.

You can get information out of SAS-metadata using de export tools as described in the bisecag (Appendic A mduscec macro).
This will give you only information what is defined there not at the OS-level. The mentioned macro-s are meant for synchronization.

All SAS services access can get monitored by doing appropriate log-analyes, see SAS Audit, Performance and Measurement package

These log analyses can give information what is happening inside sas processes (login & executing)

When the reason of the question is just a licensing verification or preparing to evaluate sas with an other tool this will do.

The possible remote connect and sas base/founfation usage can be kept out of sight (not logged) .

When the question is a little bit different and the want to know who has accessed data that can SAS-users are using.

Then it becomes more difficult. All users that can access the system aside using sas can also possible see data.. OS controls and OS monitoring will become a very important topic.     

---->-- ja karman --<-----
Occasional Contributor
Posts: 5

Re: Audit of users' logons in 9.2

Hello -

 

were you able to acheive it, I'm also looking for similar report. If so, please share the steps or code if possible.

Esteemed Advisor
Posts: 5,198

Re: Audit of users' logons in 9.2

Perhaps it would be easier to upgrade to 9.4, and explore what Environment Manager would give you, and start from there. (Given that you would be entitled a license for it)
Data never sleeps
Ask a Question
Discussion stats
  • 3 replies
  • 672 views
  • 0 likes
  • 4 in conversation