We previously demonstrated how in SAS Viya, audit records stored in the SAS Infrastructure Data server can be viewed using the audit plugin to the sas-admin CLI. In this post, we'll look at another method for surfacing audit records; with REST API calls made directly from a Python program.
The newest addition to the pyviyatools git repository is getauditrecords.py. It uses the call_rest_api() function, written by Gerry Nelson, to grab auditing information from the audit/entries service endpoint. As with other pyviyatools, the user executing the command must be authenticated on the command line as a pre-requisite.
The general syntax of the tool is as follows. Use the --help
or -h
options to view all of the arguments that can be used to filter and sort the output.
usage: getauditrecords.py [-h] [-a APPLICATION] [-l LIMIT] [-t TYPE]
[-c ACTION] [-s STATE] [-u USER] [-A AFTER]
[-B BEFORE] [-S SORTBY] [-o {csv,json,simple}]
optional arguments:
-h, --help show this help message and exit
-a APPLICATION, --application APPLICATION
Filter by Application or Service name
-l LIMIT, --limit LIMIT
Maximum number of records to display
-t TYPE, --type TYPE Filter by entry Type
-c ACTION, --action ACTION
Filter by entry Action
-s STATE, --state STATE
Filter by entry State
-u USER, --user USER Filter by Username
-A AFTER, --after AFTER
Filter entries that are created after the specified
timestamp. For example: 2020-01-03 or
2020-01-03T18:15Z
-B BEFORE, --before BEFORE
Filter entries that are created before the specified
timestamp. For example: 2020-01-03 or
2020-01-03T18:15Z
-S SORTBY, --sortby SORTBY
Sort the output ascending by this field
-o {csv,json,simple}, --output {csv,json,simple}
Output Style
By default, a maximum of 1000 records will be returned, and the output will be sorted by timeStamp. The result is returned as a JSON object, but is displayed on the command line in CSV form by default.
Let's look at example. How can we identify users who logged in to a visual interface on the 19th of January?
# python ./getauditrecords.py -a SASLogon -A 2020-01-19 -B 2020-01-19
id ,timeStamp ,type ,action ,state ,user ,remoteAddress ,application ,description ,uri
"d428a92e-e82d-4297-95b8-edfaed5438e8","2020-01-20T01:39:07.381Z","security","login","success","Alex","10.96.1.248","SASLogon","None","None"
"cf0cfc8d-2d84-43d5-82f5-1843bacb41cc","2020-01-20T01:39:15.766Z","security","login","success","Sasha","10.96.1.248","SASLogon","None","None"
"c93f935f-ab81-40b5-a926-67c372594dd7","2020-01-20T01:39:20.877Z","security","SessionDestroyed","success","Alex","10.96.1.248","SASLogon","None","None"
"339cbd6b-5f5d-4aba-8e4b-c7c80b4e5ee1","2020-01-20T01:39:27.447Z","security","login","success","Ahmed","10.96.1.248","SASLogon","None","None"
In the command above, we add options to filter for only those records that were created on the query date, and to filter for records generated by the SASLogon application only. From the results, we can see that Alex, Sasha and Ahmed successfully logged in to SASLogon on the 19th of January.
The program can be scheduled to run on a regular basis, and the output can be saved to an external file.
The inspiration for this tool was based on a program developed by SAS Professional Services to satisfy a customer requirement to extract audit records using Python for the purpose of writing them to an external database. Another program was created to parse information from log files, which was then merged with the extracted audit data to create a customised data source on which new audit reports could be created. The data extracted from getauditrecords.py could be used in a similar fashion. It's also possible to use the tool as alternative method of extracting audit data for tenants in a multi-tenancy environment.
In the future, the tool could be further developed by improving error handling and adding some additional features, such as providing the ability for users to display only a selected subset of columns, resolving the object URI, or displaying current audit configuration settings. A complementary tool to parse log information would be another very useful addition. For any other suggestions, please add a request or make your own contributions to the git repository.
For more information on auditing in SAS Viya, refer to the official documentation, as well as this video overview.
Thank you for reading. I hope the information provided in this post has been helpful. Please leave a comment below to ask questions or share your own experiences.
Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 16. Read more here about why you should contribute and what is in it for you!
Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning and boost your career prospects.