Finding Interesting SAS 9 Loggers

SAS 9 server log files contains lots of useful information to help you monitor, audit, and troubleshoot the usage of your SAS 9 platform deployments. However, sometimes the information you need might not be there by default. Thankfully the SAS 9 Logging Facility is flexible and allows a wide range of configuration customizations. Usually this is done by modifying the logconfig.xml file for the SAS server of interest, such as the SAS Metadata Server. This config file is normally only read when the SAS server restarts so you might not want to keep restarting a heavily used server to test out your logging config changes. This is where the SAS Management Console Server Manager plug-in shines. You can use it to connect to a SAS server, view all of the available loggers, change their logging levels, and have those changes take effect immediately without a server restart. If you find loggers and levels that give you the information you need, you can then update the config file and have the server restarted at a much more convenient time.

You can find the SAS documentation for this under Using SAS Management Console to Monitor SAS Servers. In this post I show how I use it to find interesting SAS metadata Server loggers. Continue reading “Finding Interesting SAS 9 Loggers”

Did I add that CA Certificate to the SAS Trusted CA Bundle?

Sometimes I forget whether I’ve added our internal site root and intermediate CA certificates to the Trusted CA Bundle that SAS® Software applications use. Sometimes I also forget the command I can use to find out whether I did! ;) As is often the case with my blog posts, by jotting things down here, I can find them again either by searching this blog, or more likely, by remembering I wrote it when I see it turn up in Google search results!

If you use site-signed certificates from your own internal CA in your SAS platform installations then you’re probably already familiar with adding them to the Trusted CA Bundle using the SAS Deployment Manager (see the Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager section in the Encryption in SASĀ® 9.4 book for more info).

If you want to find out what CA certificates are already in that bundle you can use the Java keytool command like so:

/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit

It generates a long list of CA certs, so I pipe it through grep to look for the ones I want:

/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit | grep -i metacoda

If you want more details on the certificates you can Continue reading “Did I add that CA Certificate to the SAS Trusted CA Bundle?”

Active Directory Authentication for SAS on Linux (with realmd)

This is another post in the series about configuring a SAS platform on Linux to use Integrated Windows Authentication (IWA), in this post I’m going to jot down some notes on steps 1-7 – configuring the Linux server for Active Directory (AD) Authentication.

Some time has passed since I wrote the original post, and a few things have changed. I’m now running SAS 9.4 M3, but this post should equally apply to SAS 9.4 M2. I have also switched the Linux distribution from Debian to CentOS 7.1. I am also using a much simpler method of joining the Linux server to the AD domain, using the realmd package (previously there were lots of individual steps using the underlying packages but realmd automates most of this). In this post I’m going to outline the simpler method using realmd of course.

Here goes … Continue reading “Active Directory Authentication for SAS on Linux (with realmd)”