cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

Purging archived audit records in SAS Viya

Started ‎10-20-2022 by
Modified ‎10-20-2022 by
Views 611

An earlier post outlined the steps involved in setting up archiving for older audit records out of SAS Viya's Audit service. A new feature has since been added to SAS Viya to optionally enable the purging of these archived audit records once they reach a defined retention period to keep the PV storage clean and tidy. This post demonstrates the required steps.

 

There are two relevant configuration instances to set up the purging of archived audit records. The first, sas.audit.archive, was reviewed in the previous post, but now contains some additional configurable properties.

 

af_1_audit_record_archive_purge_retention-1024x551.png

Select any image to see a larger version.
Mobile users: To view the images, select the "Full" version at the bottom of the page.

 

 

The *.retention.in.archive properties control the period for which audit and activity records are kept in the archive destination before they are purged. Define your retention period in these fields when setting up archiving. If your customer requires records to be kept for longer, adjust the value as necessary. In the example above, archived audit records more than a day old will be cleaned up by the purge process. Also note that another new property is also now available to define the minimum amount of available space required on storage before archiving occurs. Set your threshold value (a percentage of available space) in the storage.local.remainingSpaceThreshold property as required.

 

Then there's the new sas.audit.purge configuration instance which toggles the purge function on and off, and defines the frequency at which the purge process will run.

 

af_2_sas_audit_purge-1024x505.png

 

 

To enable purging, ensure that the enabled switch is turned on, and then define the schedule using cron standard syntax. In the same way that audit records are archived to the attached storage volume according to the schedule defined in the scanSchedule property, the purge process will remove record from the defined archive volume path per the schedule.

 

If backups of archived audit records (or PVCs) are required, be sure to take them between scheduled purges. Admins can also opt to disable the purge facility and manually delete archived records on an ad-hoc basis, but elevated privileges are required.

 

Thanks for reading. For more on the Audit service, refer to the SAS Viya: Administration guide.

 

Find more articles from SAS Global Enablement and Learning here.

0 Likes
Comments
kd92
‎02-05-2023 11:07 PM
‎02-05-2023 11:07 PM

Hi,

 

Can I verify for what release of SAS Environment Manager is this applicable? Currently, I am using SAS Environment Manager (release 3.4) along with SAS Viya release V.03.05 in my environment and I do not see the sas.audit.purge definition available. 

 

I would like to find out more on how do I manage audit logs generated in my case as I did not define a location for storage.local.destination but audit logs are written to /var/log/audit.

 

In my case, SAS Viya is deployed on a VM RHEL instance with single machine deployment setup.

 

Intention: to keep audit logs for only last 3 months and delete audit logs beyond 3 month retention period

0 Likes
SASKiwi
‎02-06-2023 09:56 PM
‎02-06-2023 09:56 PM

I'm pretty sure this post relates to Viya 4 as there are references to this in the above earlier linked post.

0 Likes
Version history
Last update:
‎10-20-2022 12:10 AM
Updated by:
SAS Employee
Contributors

SAS INNOVATE 2024

Innovate_SAS_Blue.png

Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Free course: Data Literacy Essentials

Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning  and boost your career prospects.

Get Started

Article Labels
Article Tags