
View activity records in SAS Viya

Started ‎06-29-2023 by
Modified ‎06-29-2023 by

As part of ongoing efforts to enhance SAS Viya administration capabilities, this blog post introduces a new program in the pyviyatools repository. getactivityrecords.py is a Python script designed to retrieve and analyze activity records from the SAS Viya environment. These activity records are a kind of audit record that provides insight into the operations and usage patterns of your SAS Viya deployment, enabling administrators and audit compliance folks to better understand, at a high level, how the Viya deployment is being used by end users.

 

The concept of activities has been introduced within SAS Viya's audit service to provide a way to inject higher-level business logic into the auditing process. Traditionally, auditing focuses on low-level technical details, providing limited visibility into the actual usage patterns of different endpoints, making it somewhat challenging to derive meaningful insights. With the introduction of activities, the auditing framework gains a new, higher-level perspective to make auditing more intuitive and understandable. This improved understanding allows for better analysis, troubleshooting, and decision-making based on the audit data.

 

The audit service routinely loads activity data, which is stored in PostgreSQL, into the SystemData.AUDIT_ACTIVITIES table in CAS for reporting. The User Activity VA report provides a way for users to visualise audit data, but there is not yet a way to do the same for activity data, nor to view the raw activity records themselves.

 

Enter getactivityrecords.py, the latest addition to the growing pyviyatools repository.

 

To get started with getactivityrecords.py, clone the pyviyatools GitHub repository and install the necessary dependencies. When it is run, getactivityrecords.py uses the SAS Viya REST API to retrieve activity records from the SAS Infrastructure Data server. It also allows you to specify the time range and filters to narrow down the scope of the records you want to retrieve. These records cannot yet be surfaced from the sas-viya CLI's audit plug-in, which instead retrieves only the 'regular' audit records.

 

The program supports multiple output formats, including CSV (default), JSON, and Pandas DataFrames. This flexibility allows you to seamlessly integrate the retrieved activity records into your preferred reporting tools or visualization platforms. Leveraging scheduling tools like cron, you can automate the execution of getactivityrecords.py at regular intervals, enabling the continuous capture of activities within the SAS Viya environment.

 

The simplest way to execute the program is to run it without any additional parameters: getactivityrecords.py

 

Output:

 

id ,type ,action ,administrativeAction ,state ,user ,application ,timeStamp ,remoteAddress
"2e88b242-1e6b-4aae-bab0-5cdb740d5aee","resource","create","False","success","dagentsrv-gelcorp","identities","2023-06-13T09:15:34.471Z","10.42.1.13"
"8d6a74dc-5219-41b4-aaf7-538b24a8e41a","resource","create","False","success","dagentsrv-gelcorp","identities","2023-06-13T09:15:35.877Z","10.42.1.13"
"e40bf1ec-47db-4d95-89a0-aa7d3a5204a4","security","login","False","success","geladm","SASLogon","2023-06-13T09:21:54.678Z","127.0.0.1"
"efd0af8e-6439-4a3e-97e9-fe50efa5a163","security","login","False","success","geladm","SASLogon","2023-06-13T09:21:55.61Z","127.0.0.1"
"5394eeb4-a321-4a3a-bd2c-0b7a4cb01438","security","login","False","success","geladm","SASLogon","2023-06-13T09:22:02.093Z","127.0.0.1"
"37e04c46-693f-4899-bb74-3a84a593f184","security","login","False","success","geladm","SASLogon","2023-06-13T09:22:03.771Z","127.0.0.1"
"0d4d1a45-2b12-4399-89ba-57de5a6753c7","security","login","False","success","geladm","SASLogon","2023-06-13T09:22:04.449Z","127.0.0.1"
"f2ce150d-613b-48c4-812f-7cb86ecad433","security","login","False","success","geladm","SASLogon","2023-06-13T09:22:05.314Z","127.0.0.1"
"de62ccdc-1e42-403c-a047-3676812219cc","security","login","False","success","geladm","SASLogon","2023-06-13T09:22:12.019Z","127.0.0.1"
"84f530bf-4f93-4b78-893e-e200bf0cba68","security","login","False","success","geladm","SASLogon","2023-06-19T02:53:41.367Z","127.0.0.1"
"be704891-ac56-4646-bd89-18206597a4ab","security","SessionAuthenticationSuccess","False","success","geladm","SASLogon","2023-06-19T02:53:41.375Z","127.0.0.1"
"fbad594a-8571-4e32-83b3-95204d90d930","security","AdministrativeAction","True","success","geladm","SASLogon","2023-06-19T02:53:48.372Z","127.0.0.1"
"e8556c28-e72d-4f3f-b281-207f12f15f68","security","login","False","success","geladm","SASLogon","2023-06-19T03:22:09.338Z","127.0.0.1"
"4591fdf7-25c6-4ea2-b705-ab60e89b5fbf","security","SessionDestroyed","True","success","geladm","SASLogon","2023-06-19T03:24:38.374Z","127.0.0.1"
"c8005e77-0250-4287-bd45-5eda35238687","security","login","False","success","geladm","SASLogon","2023-06-19T04:28:44.194Z","127.0.0.1"
"7a012678-70ae-424c-9088-c5890e9a2d7c","security","SessionAuthenticationSuccess","False","success","geladm","SASLogon","2023-06-19T04:28:44.198Z","127.0.0.1"
"d85ebff4-74e4-4762-8b3c-3802a43a2504","security","AdministrativeAction","True","success","geladm","SASLogon","2023-06-19T04:28:45.906Z","127.0.0.1"
"aa407dcb-50fb-4951-86ca-5e39c9db5989","security","login","False","success","Ahmed","SASLogon","2023-06-19T04:31:02.689Z","127.0.0.1"
"15a68ff7-a6cc-4b18-a8df-be770269cf61","security","SessionAuthenticationSuccess","False","success","Ahmed","SASLogon","2023-06-19T04:31:02.691Z","127.0.0.1"
"4c8f6b3b-32ca-4f00-b3fe-4d4a482624ad","security","SessionDestroyed","False","success","Ahmed","SASLogon","2023-06-19T04:37:00.375Z","127.0.0.1"
"cf42e5fa-ea42-430d-b8a7-c095be8c9194","security","login","False","success","Delilah","SASLogon","2023-06-19T04:37:05.142Z","127.0.0.1"
"17404791-57b0-4f62-9c1d-5c763ec4ceda","security","SessionAuthenticationSuccess","False","success","Delilah","SASLogon","2023-06-19T04:37:05.149Z","127.0.0.1"
"50d7eb6e-89d9-42f3-817a-591dde1ca3af","security","SessionDestroyed","True","success","geladm","SASLogon","2023-06-19T04:59:38.474Z","127.0.0.1"
"6a44bbf8-b0a3-4171-9e02-337364bdeb6e","security","login","False","success","Delilah","SASLogon","2023-06-19T05:22:14.95Z","unknown"
"1af2d753-5235-4cdf-b754-bc5397d2661e","security","SessionDestroyed","False","success","Delilah","SASLogon","2023-06-19T05:32:38.52Z","127.0.0.1"

 

As the sample output above shows, activity records are currently capturing predominantly security-type records. This is expected to grow in future releases to include records from more and more applications for capturing additional types of user actions.
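For a security review of this CSV output, the following added example (not part of pyviyatools or the original post) parses the layout shown above, including the space-padded header names and the variable-length fractional seconds, and lists records worth a closer look. The record ids in the sample are constructed, and the review criteria (administrative actions, non-success states, remote addresses that are not IP addresses) are assumptions chosen for illustration.

```python
import csv, io, ipaddress, re
from datetime import datetime, timezone

# Constructed sample in the CSV layout shown above (ids are made up).
SAMPLE = """id ,type ,action ,administrativeAction ,state ,user ,application ,timeStamp ,remoteAddress
"a1","security","login","False","success","geladm","SASLogon","2023-06-19T02:53:41.367Z","127.0.0.1"
"a2","security","AdministrativeAction","True","success","geladm","SASLogon","2023-06-19T02:53:48.372Z","127.0.0.1"
"a3","security","login","False","success","Delilah","SASLogon","2023-06-19T05:22:14.95Z","unknown"
"""

def parse_ts(value):
    """Parse e.g. 2023-06-19T05:22:14.95Z; the fraction has a variable number of digits."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected timeStamp: {value!r}")
    micros = int((m.group(2) or "").ljust(6, "0")[:6])
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def load_records(text):
    reader = csv.reader(io.StringIO(text))
    header = [name.strip() for name in next(reader)]  # header names are space-padded
    records = []
    for fields in filter(None, reader):  # skip blank lines
        rec = dict(zip(header, fields))
        rec["timeStamp"] = parse_ts(rec["timeStamp"])
        rec["administrativeAction"] = rec["administrativeAction"] == "True"
        records.append(rec)
    return records

def is_ip(text):
    try:
        return ipaddress.ip_address(text) is not None
    except ValueError:
        return False

def review_items(records):
    """Return (id, reason) pairs, oldest first, for records to check during a review."""
    items = []
    for rec in sorted(records, key=lambda r: r["timeStamp"]):
        if rec["administrativeAction"]:
            items.append((rec["id"], "administrative action"))
        if rec["state"] != "success":
            items.append((rec["id"], "state " + rec["state"]))
        if not is_ip(rec["remoteAddress"]):
            items.append((rec["id"], "no usable remote address"))
    return items

if __name__ == "__main__":
    print(review_items(load_records(SAMPLE)))
```
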

 

You can also add additional flags for filtering the output. For example, you can narrow the results by user, application, action, or time range. Consult the built-in documentation to view all options: getactivityrecords.py -h

 

Output:

 

usage: getactivityrecords.py [-h] [-l LIMIT] [-t TYPE] [-a APPLICATION]
                             [-c ACTION] [-d ADMIN_ACTION] [-s STATE]
                             [-u USER] [-A AFTER] [-B BEFORE] [-S SORTBY]
                             [-o {csv,json,simple,simplejson}]

optional arguments:
  -h, --help            show this help message and exit
  -l LIMIT, --limit LIMIT
                        Maximum number of records to display
  -t TYPE, --type TYPE  Filter by entry Type
  -a APPLICATION, --application APPLICATION
                        Filter by entry Application
  -c ACTION, --action ACTION
                        Filter by entry Action
  -d ADMIN_ACTION, --admin-action ADMIN_ACTION
                        Filter by Administrative Action
  -s STATE, --state STATE
                        Filter by entry State
  -u USER, --user USER  Filter by Username
  -A AFTER, --after AFTER
                        Filter entries that are created after the specified
                        timestamp. For example: 2020-01-03 or
                        2020-01-03T18:15Z
  -B BEFORE, --before BEFORE
                        Filter entries that are created before the specified
                        timestamp. For example: 2020-01-03 or
                        2020-01-03T18:15Z
  -S SORTBY, --sortby SORTBY
                        Sort the output ascending by this field
  -o {csv,json,simple,simplejson}, --output {csv,json,simple,simplejson}
                        Output Style

 

Understanding how your SAS Viya environment is being used can help SAS Viya administrators to meet regulatory obligations, monitor and review security aspects, troubleshoot effectively and better align platform usage with broader business objectives. By leveraging the power of Python and the flexibility of SAS Viya's REST API, getactivityrecords.py enables the retrieval and analysis of activity records to provide valuable insights into user patterns for administrators and auditors.

 

 


Comments

Dear AjmalFarzam,

Working in the pharmaceutical industry and currently deploying SAS Viya, I'm interested in your post.

I need to have an audit trail to log user activity in terms of creation, modification, deletion of files, folders, programs, etc. (in SAS Compute at least, where we have set up direct access to an NFS share).

I will need help to set this up.

Do you have any advice to share with us?

Kind regards, 

Version history
Last update:
‎06-29-2023 10:42 PM