In my previous post on Finding Interesting SAS 9 Loggers, I highlighted 3 loggers I find useful for SAS 9 metadata access control change auditing, especially when using the new Metacoda Plug-ins 6.2 Activity Reviewer. There is also a 4th logger where you might already have trace level logging enabled, as it is configured so when you set up the SAS Environment Manager Service Architecture Audit, Performance, and Measurement (APM) component. In this post I want to go into more detail on each of those 4 loggers and explain what information they log and why I find them useful.
The loggers in question are:
Continue reading “Interesting SAS 9 Metadata Server Access Control Loggers”
SAS 9 server log files contains lots of useful information to help you monitor, audit, and troubleshoot the usage of your SAS 9 platform deployments. However, sometimes the information you need might not be there by default. Thankfully the SAS 9 Logging Facility is flexible and allows a wide range of configuration customizations. Usually this is done by modifying the logconfig.xml file for the SAS server of interest, such as the SAS Metadata Server. This config file is normally only read when the SAS server restarts so you might not want to keep restarting a heavily used server to test out your logging config changes. This is where the SAS Management Console Server Manager plug-in shines. You can use it to connect to a SAS server, view all of the available loggers, change their logging levels, and have those changes take effect immediately without a server restart. If you find loggers and levels that give you the information you need, you can then update the config file and have the server restarted at a much more convenient time.
You can find the SAS documentation for this under Using SAS Management Console to Monitor SAS Servers. In this post I show how I use it to find interesting SAS metadata Server loggers. Continue reading “Finding Interesting SAS 9 Loggers”
I needed to extract some SAS identity related metadata today using the Metacoda Identity Sync Utils on GitHub. That repository contains some macros we publish to help our customers and partners when they need to get hold of some identity related metadata in SAS tables for custom Identity Sync processing or other reporting requirements (if the standard SAS %MDUEXTR macro doesn’t meet their needs).
Since I use these macros on a semi-regular basis, I decided to make them available to the SAS platform as autocall macros so I could just use them in my SAS code without having to remember where they were stored and %include them. I thought I’d post some brief notes on how to set it up in case you want to do the same (and for when I need it on another SAS platform installation). Continue reading “Configuring Metacoda Identity Sync Utils for AutoCall”
Sometimes I forget whether I’ve added our internal site root and intermediate CA certificates to the Trusted CA Bundle that SAS® Software applications use. Sometimes I also forget the command I can use to find out whether I did! ;) As is often the case with my blog posts, by jotting things down here, I can find them again either by searching this blog, or more likely, by remembering I wrote it when I see it turn up in Google search results!
If you use site-signed certificates from your own internal CA in your SAS platform installations then you’re probably already familiar with adding them to the Trusted CA Bundle using the SAS Deployment Manager (see the Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager section in the Encryption in SAS® 9.4 book for more info).
If you want to find out what CA certificates are already in that bundle you can use the Java keytool command like so:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit
It generates a long list of CA certs, so I pipe it through grep to look for the ones I want:
/opt/sas94m5/sashome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -list -keystore /opt/sas94m5/sashome/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.jks -storepass changeit | grep -i metacoda
If you want more details on the certificates you can Continue reading “Did I add that CA Certificate to the SAS Trusted CA Bundle?”
This is another post in the series about configuring a SAS platform on Linux to use Integrated Windows Authentication (IWA), in this post I’m going to jot down some notes on steps 1-7 – configuring the Linux server for Active Directory (AD) Authentication.
Some time has passed since I wrote the original post, and a few things have changed. I’m now running SAS 9.4 M3, but this post should equally apply to SAS 9.4 M2. I have also switched the Linux distribution from Debian to CentOS 7.1. I am also using a much simpler method of joining the Linux server to the AD domain, using the realmd package (previously there were lots of individual steps using the underlying packages but realmd automates most of this). In this post I’m going to outline the simpler method using realmd of course.
Here goes … Continue reading “Active Directory Authentication for SAS on Linux (with realmd)”