
Audit your SAS Viya platform with REST

Started ‎03-22-2020 by
Modified ‎03-22-2020 by

We previously demonstrated how, in SAS Viya, audit records stored in the SAS Infrastructure Data server can be viewed using the audit plugin to the sas-admin CLI. In this post, we'll look at another method for surfacing audit records: REST API calls made directly from a Python program.

New pyviyatool

The newest addition to the pyviyatools git repository is getauditrecords.py. It uses the call_rest_api() function, written by Gerry Nelson, to grab auditing information from the audit/entries service endpoint. As with other pyviyatools, the user executing the command must be authenticated on the command line as a pre-requisite.

 

The general syntax of the tool is as follows. Use the --help or -h options to view all of the arguments that can be used to filter and sort the output.

 

usage: getauditrecords.py [-h] [-a APPLICATION] [-l LIMIT] [-t TYPE]
                          [-c ACTION] [-s STATE] [-u USER] [-A AFTER]
                          [-B BEFORE] [-S SORTBY] [-o {csv,json,simple}]

optional arguments:
  -h, --help            show this help message and exit
  -a APPLICATION, --application APPLICATION
                        Filter by Application or Service name
  -l LIMIT, --limit LIMIT
                        Maximum number of records to display
  -t TYPE, --type TYPE  Filter by entry Type
  -c ACTION, --action ACTION
                        Filter by entry Action
  -s STATE, --state STATE
                        Filter by entry State
  -u USER, --user USER  Filter by Username
  -A AFTER, --after AFTER
                        Filter entries that are created after the specified
                        timestamp. For example: 2020-01-03 or
                        2020-01-03T18:15Z
  -B BEFORE, --before BEFORE
                        Filter entries that are created before the specified
                        timestamp. For example: 2020-01-03 or
                        2020-01-03T18:15Z
  -S SORTBY, --sortby SORTBY
                        Sort the output ascending by this field
  -o {csv,json,simple}, --output {csv,json,simple}
                        Output Style

 

By default, a maximum of 1000 records will be returned, and the output will be sorted by timeStamp. The result is returned as a JSON object, but is displayed on the command line in CSV form by default.

 

Let's look at an example. How can we identify users who logged in to a visual interface on the 19th of January?

 

# python ./getauditrecords.py -a SASLogon -A 2020-01-19 -B 2020-01-19
id ,timeStamp ,type ,action ,state ,user ,remoteAddress ,application ,description ,uri
"d428a92e-e82d-4297-95b8-edfaed5438e8","2020-01-20T01:39:07.381Z","security","login","success","Alex","10.96.1.248","SASLogon","None","None"
"cf0cfc8d-2d84-43d5-82f5-1843bacb41cc","2020-01-20T01:39:15.766Z","security","login","success","Sasha","10.96.1.248","SASLogon","None","None"
"c93f935f-ab81-40b5-a926-67c372594dd7","2020-01-20T01:39:20.877Z","security","SessionDestroyed","success","Alex","10.96.1.248","SASLogon","None","None"
"339cbd6b-5f5d-4aba-8e4b-c7c80b4e5ee1","2020-01-20T01:39:27.447Z","security","login","success","Ahmed","10.96.1.248","SASLogon","None","None"

 

In the command above, we add options to filter for only those records that were created on the query date, and to filter for records generated by the SASLogon application only. From the results, we can see that Alex, Sasha and Ahmed successfully logged in to SASLogon on the 19th of January.

 

The program can be scheduled to run on a regular basis, and the output can be saved to an external file.
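An added example, not part of pyviyatools: a short Python script that reads CSV output saved from getauditrecords.py and summarises successful logins per user, with source addresses and first and last login times. The function names parse_audit_csv and login_summary are hypothetical; the sample rows are copied from the output shown above.

```python
import csv
import io
from datetime import datetime

# Sample input: the CSV output shown above, as it would appear in a saved file.
SAMPLE = '''id ,timeStamp ,type ,action ,state ,user ,remoteAddress ,application ,description ,uri
"d428a92e-e82d-4297-95b8-edfaed5438e8","2020-01-20T01:39:07.381Z","security","login","success","Alex","10.96.1.248","SASLogon","None","None"
"cf0cfc8d-2d84-43d5-82f5-1843bacb41cc","2020-01-20T01:39:15.766Z","security","login","success","Sasha","10.96.1.248","SASLogon","None","None"
"c93f935f-ab81-40b5-a926-67c372594dd7","2020-01-20T01:39:20.877Z","security","SessionDestroyed","success","Alex","10.96.1.248","SASLogon","None","None"
"339cbd6b-5f5d-4aba-8e4b-c7c80b4e5ee1","2020-01-20T01:39:27.447Z","security","login","success","Ahmed","10.96.1.248","SASLogon","None","None"
'''


def parse_audit_csv(text):
    """Parse getauditrecords.py CSV output into a list of dicts (hypothetical helper)."""
    reader = csv.reader(io.StringIO(text))
    # Header names in the output carry a trailing space ("id ,timeStamp ,...").
    header = [name.strip() for name in next(reader)]
    records = []
    for row in reader:
        if len(row) != len(header):
            continue  # skip blank or truncated lines
        # Empty fields appear as the string "None" in the output above.
        rec = {k: (None if v == "None" else v) for k, v in zip(header, row)}
        # A trailing "Z" means UTC; keep the timestamp timezone-aware.
        rec["timeStamp"] = datetime.fromisoformat(rec["timeStamp"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def login_summary(records, state="success"):
    """Per user: login count, source addresses, first and last login time."""
    summary = {}
    for rec in records:
        if rec["action"] != "login" or rec["state"] != state:
            continue  # ignores other actions such as SessionDestroyed
        ts = rec["timeStamp"]
        entry = summary.setdefault(
            rec["user"], {"count": 0, "addresses": set(), "first": ts, "last": ts})
        entry["count"] += 1
        entry["addresses"].add(rec["remoteAddress"])
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return summary


if __name__ == "__main__":
    for user, info in sorted(login_summary(parse_audit_csv(SAMPLE)).items()):
        print(user, info["count"], sorted(info["addresses"]), info["first"].isoformat())
```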

 

This tool was inspired by a program developed by SAS Professional Services to satisfy a customer requirement to extract audit records using Python for the purpose of writing them to an external database. Another program was created to parse information from log files, which was then merged with the extracted audit data to create a customised data source on which new audit reports could be created. The data extracted from getauditrecords.py could be used in a similar fashion. It's also possible to use the tool as an alternative method of extracting audit data for tenants in a multi-tenancy environment.

 

In the future, the tool could be further developed by improving error handling and adding some additional features, such as providing the ability for users to display only a selected subset of columns, resolving the object URI, or displaying current audit configuration settings. A complementary tool to parse log information would be another very useful addition. For any other suggestions, please add a request or make your own contributions to the git repository.

More information

For more information on auditing in SAS Viya, refer to the official documentation, as well as this video overview.

 

Thank you for reading. I hope the information provided in this post has been helpful. Please leave a comment below to ask questions or share your own experiences.
