Tag: Logging

Interesting SAS 9 Metadata Server Access Control Loggers

In my previous post on Finding Interesting SAS 9 Loggers, I highlighted 3 loggers I find useful for SAS 9 metadata access control change auditing, especially when using the new Metacoda Plug-ins 6.2 Activity Reviewer. There is also a 4th logger where you might already have trace level logging enabled, as it is configured so when you set up the SAS Environment Manager Service Architecture Audit, Performance, and Measurement (APM) component. In this post I want to go into more detail on each of those 4 loggers and explain what information they log and why I find them useful.

SAS Management Console Server Manager Logger Dialog

The loggers in question are:

  • Audit.Meta.Security.AccCtrlAdm
  • App.OMI.SecurityAdmin.SetAuthorizationsOnObj
  • App.OMI.SecurityAdmin.ApplyACTToObj
  • App.OMI.SecurityAdmin.RemoveACTFromObj

Continue reading “Interesting SAS 9 Metadata Server Access Control Loggers”

Finding Interesting SAS 9 Loggers

SAS 9 server log files contains lots of useful information to help you monitor, audit, and troubleshoot the usage of your SAS 9 platform deployments. However, sometimes the information you need might not be there by default. Thankfully the SAS 9 Logging Facility is flexible and allows a wide range of configuration customizations. Usually this is done by modifying the logconfig.xml file for the SAS server of interest, such as the SAS Metadata Server. This config file is normally only read when the SAS server restarts so you might not want to keep restarting a heavily used server to test out your logging config changes. This is where the SAS Management Console Server Manager plug-in shines. You can use it to connect to a SAS server, view all of the available loggers, change their logging levels, and have those changes take effect immediately without a server restart. If you find loggers and levels that give you the information you need, you can then update the config file and have the server restarted at a much more convenient time.

You can find the SAS documentation for this under Using SAS Management Console to Monitor SAS Servers. In this post I show how I use it to find interesting SAS metadata Server loggers. Continue reading “Finding Interesting SAS 9 Loggers”

Metacoda Activity Reviewer

The latest release of Metacoda Plug-ins, version 6.2, is now available and includes a new Activity Reviewer plug-in which can be used to review SAS® 9 platform log records from within SAS Management Console for the purposes of audit.

Metacoda Activity Reviewer

This blog post provides an overview of how it came to be, how it works, and what you can do with it. Continue reading “Metacoda Activity Reviewer”

Suppressing SAS Workspace Server MVA_DSIO.OPEN_CLOSE and _DISARM Messages

This is just a very quick post to jot down the location of a SAS reference that I keep losing! I have the SAS Audit, Performance and Measurement (APM) package installed in my older SAS 9.4 M0 dev/test environment. The APM package is now deprecated as the functionality has moved into SAS Environment Manager (from 2.4). One of the effects of having APM installed is that my SAS Workspace Server logs have a huge number of lines that look like this: 

NOTE: MVA_DSIO.OPEN_CLOSE| _DISARM|         STOP| _DISARM| 2016-07-31T15:44:27,279+10:00| _DISARM| WorkspaceServer| _DISARM| | 
      _DISARM| | _DISARM| | _DISARM| 9854976| _DISARM| 12| _DISARM| 12| _DISARM| 320| _DISARM| 1840| _DISARM| | _DISARM| | _DISARM| 
      | _DISARM| | _DISARM| | _DISARM| | _ENDDISARM 
NOTE: PROCEDURE| _DISARM|         STOP| _DISARM| 2016-07-31T15:44:27,279+10:00| _DISARM| WorkspaceServer| _DISARM| | _DISARM| | 
      _DISARM| | _DISARM| 9854976| _DISARM| 12| _DISARM| 12| _DISARM| 728| _DISARM| 1840| _DISARM| | _DISARM| | _DISARM| | _DISARM| 
      | _DISARM| | _DISARM| | _ENDDISARM

Sometime I want to suppress those lines (without uninstalling SAS APM). I then remember there’s a SAS page that contains instructions on how to do it, and spend several minutes trying to find it. I keep looking for a SAS Usage Note, but instead it’s a gem at the end of the SAS APM FAQ page: “Why do the Enterprise Guide SAS logs contain messages related to MVA_DSIO.OPEN_CLOSE and _DISARM? How can these messages be eliminated from the SAS log for EG users?”.

Essentially you edit the workspace server’s logconfig.apm.xml and change the Threshold of the WSLogAppender to Error.

You’ll want to pay attention to the note in the FAQ that says it will disable the SAS DI Studio Job Statistics features. I don’t use that feature in this environment, but you might!

SAS & IWA: Check the Logs

When testing Integrated Windows Authentication (IWA) based client connections to SAS® platform servers, it is well worth checking the SAS logs to verify the connections are being made the way you expect. SAS has a variety of methods up it’s sleeve to get you authenticated, including cached credentials, retrieving stored credentials from metadata, SAS token authentication etc. Looking in the SAS server logs will help you identify the connection/authentication events and methods used. In the past I’ve thought I was using IWA+Kerberos but when I looked in the log it was obvious I wasn’t! I think it’s essential when testing/troubleshooting a new IWA configuration to review the SAS server logs for both failed and successful connections.

In a previous post “SAS and IWA: Two Hops” I mentioned how sometimes it’s necessary to force the use of Kerberos with IWA to be able to make IWA delegated connections to secondary servers. So here’s some examples of what we might see in SAS server logs Continue reading “SAS & IWA: Check the Logs”