Hi all.
I want to set up server-side logging for (mainly) all the Enterprise Guide users, so we can check what actions are done, and which tables have been accessed at a certain time, and by whom.
I have come to the point where a separate log file is written by every single SAS workspace server instance (coded with YYYYMMDDhhmmss in the filename). But in the default configuration, these logs only show what's happening during startup and shutdown, but not what the user actually does in EG.
I now want to populate these log files with more or less the same logs that are shown in EG in the Log tab of the nodes in the project, without filling the files with unnecessary clutter.
Has anybody done this already and can give me a quick "cookbook"?
SAS version is 9.2 on AIX.
Hi
You can use the logconfig.trace.xml as a base, change any logging level from debug to info, to reduce the amount of log messages written..
Add the logger name (%c) to the conversion pattern, so you can see which logger writes which messages. You will see that the logger App.Program will show the "SAS Log" for all the code executed.
I just did this today during a training course (SAS9.4). But I guess this was already in place with SAS9.2
With SAS9.4 there are logger that tracks access to SAS data sets
See also the example in doc for SAS9.4 SAS(R) 9.4 Logging: Configuration and Programming Reference
Hi
You can use the logconfig.trace.xml as a base, change any logging level from debug to info, to reduce the amount of log messages written..
Add the logger name (%c) to the conversion pattern, so you can see which logger writes which messages. You will see that the logger App.Program will show the "SAS Log" for all the code executed.
I just did this today during a training course (SAS9.4). But I guess this was already in place with SAS9.2
With SAS9.4 there are logger that tracks access to SAS data sets
See also the example in doc for SAS9.4 SAS(R) 9.4 Logging: Configuration and Programming Reference
Bruno is "the master" of this, so all I can offer is a minor issue.
If you automate these system option defaults for the user sessions
-logparm rollover=session
-altlog xxxxxxxx.log
You can use #directives in that xxxxxxx to show timestamp and processid in the logfile name. It can be routed to whatever folder suits you. (you just need to ensure users have write permission there).
Then you get all that the user logs show (and all that might be hidden by proc printto, too)
Peter
Can you give me a quick overview which processes write these log files? My goal is to have each user's logs in their own home directory tree, so I need to be concerned with the correct permissions. If the workspace server process (that runs under the user's own login) itself writes the log, it won't be a problem.
The user under which the SAS process runs will write the log files. The workspace server (used by EG) does not write any log files by default.
The location where these files are written, are defined in the logconfig.xml file using the FileNamePattern, see example below
<!-- Rolling log file with default rollover of midnight -->
<appender class="RollingFileAppender" name="TimeBasedRollingFile">
<param name="Append" value="false"/>
<param name="Unique" value="true"/>
<param name="ImmediateFlush" value="true"/>
<rollingPolicy class="TimeBasedRollingPolicy">
<param name="FileNamePattern" value="/SASProject/EDI_EBI_VA/Lev1/SASApp/WorkspaceServer/Logs/SASApp_WorkspaceServer_%d_%S{hostname}_%S{pid}.log"/>
</rollingPolicy>
<layout>
<param name="HeaderPattern" value="Host: '%S{hostname}', OS: '%S{os_family}', Release: '%S{os_release}', SAS Version: '%S{sup_ver_long2}', Command: '%S{startup_cmd}'"/>
<param name="ConversionPattern" value="%d %-5p [%t] %X{Client.ID}:%u - %m"/>
</layout>
</appender>
StoredProcess Server and PooledWorkspace Server do write log files by default
Thank you. So I can safely use $HOME/somewhere as the path to store the files.
Hi, Bruno
Recently, I'm doing the same thing, thankyou for your answer. But I want to add the sas user to the filename of log, how should I do?
The default name is:
SASApp_WorkspaceServer_%d_%S{hostname}_%S{pid}.log
I tried add {userid} or {user}, failed. How shoud I done that? Where is the definition of {hostname}, {pid}.
Implement APM all is there. SAS 9.2 Audit and Performance Measurement. The log files with ARM (log4j) as Bruno has described are part of it.
The 9.2 version must be requested at SAS for a download. The 9.3 and 9.4 versions are free for download. SAS Audit, Performance and Measurement package The 9.4 version is smaller as the 9.3 as some things have been moved to the "event manager". It is activating the *.aud files already present in the appserver directories
For monitoring EGuide usage with those personal keys there must be a location on Unix where it is open for storing those files.
I owe you some of the failures in the config .../Lev-/SASApp/.... folder structure. These are:
- 38040 - Setting umask and ulimit values for SAS® sessions on UNIX and Linux
- 50345 - Changing the current working directory for the SAS® Workspace Server
- The dogma the SASApp structure is the same as for segregation of authorization and the location for the business application.
When you will install APM (read the 9.3 APM documentation) all is assumed to be placed in the --/lev1/SASApp/... directory as a business application.
Sharing APM between SASApp server has become a more advanced topic this way.
I do not understand the how of this technical instructions the Why Who When Where questions looks to be have been bypassed. I know some backgrounds of regulations coming in why SIEM (Security Information Event Monitoring) is important. I would expect someone in your office would propose using Splunk
You could use a dedicated xml-file like the aud-ones and activate that in the usermods-config for each server-type.
Changing the original standard xml-file for logging is also an option but I do not know what the effect is with newer tools also possible modifying that.
Thanks all for the help, I now have something reasonable in place.
For further information:
when I set up the 9.2 environment, I decided to let SASApp stay in its pristine state, and instead created several different Application Server environments for our "customers". SASApp basically acts as a blueprint, but is not used otherwise. I then transferred the old 9.1.3 configuration into one of the "customer" trees. I have now converted this tree so that it follows the conventions of SASApp (including "inheritance" of configs) and gotten the logging to work in (mostly) "Info" level. Now I should be able to identify accesses to certain tables and also see user's errors directly on the server.
SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!
What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.
Find more tutorials on the SAS Users YouTube channel.
Ready to level-up your skills? Choose your own adventure.