12-21-2014 10:05 AM
I need one help please ,to copy SAS logs from one location to different location on a daily basis which I will schedule in control -M.but I have SAS logs in 25 AIX servers and need to copy in single location in AIX.can anyone help me please? Thanks in advance .
12-21-2014 10:40 AM
One possibility would be to use the altlog option in all of the configuration files on all 25 machines, creating the name to reflect a combination of the username, datetime and, say, a 10 digit random number.
12-21-2014 12:05 PM
venkatnaveen, You are describing something that is common to a SIEM process. That is normally coming into some requirements and implementation when there is a RBAC process.
Too often just some partial statements are made causing even more trouble by confusing discussions.
With 25 AIX servers, I hope you are indicating those are VM's and not bare-irons, there is some advanced implementation but is probably missing the grid concept and going for every department having his own machine. Please describe that.
Within the EIP, Enterprise Intelligence Platform, you have the SAS metadataserver and much more. Logging is part of this architecture using Arm log4j and more common interfaces. The SAS APM tool and eventmanager have partially logging and monitoring management (yes partially). When you are having SAS/connect the data of those could be scripted transferred to any other location.
For SIEM tools like SPLUNK are often used and accepted by the SOC-teams as analytitcs and BI tooling. Wondering why SAS is not used at SOC-teams (SOC Security Operations Center).
12-22-2014 05:09 AM
Run your SAS jobs in a way that each batch job generates a distinct log (jobname.date_time_processnumber.log).
Then you can copy all *.date_*.log files for a given date in a shell script, using sftp for the transfer.
Install that shell script on all your AIX servers, and have it run by the scheduler.
Aside from running the SAS jobs with the correct -log option, nothing needs to be done in SAS. Handling files like that is best done on the OS level.