Implementing Audit Trails in a SAS Environment
Suhail Wali
Audit Trail
An audit trail (or audit log) is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
- Wikipedia -
Where can we find audit trails?
• Financial Transactions
• Scientific research
• Health care data transactions
• Communication
Leveraging SAS to implement Audit trails
http://support.sas.com/documentation/cdl/en/lrcon/67227/HTML/default/viewer.htm#n0ndg2uekz7qkbn1caoki2hzqx8l.htm
Single source of updates
Digital Anarchy
Audit Trail File
• Created by Base SAS engine
• Same libref and member name as the data file
• Data type - AUDIT
• Replicates variables in the data file and adds two more types
- _AT*_ variables – automatic variables storing modification data
- User created variables for storing modification data
_AT*_ Variable    Description
_ATDATETIME_      Stores the date and time of a modification
_ATUSERID_        Stores the logon user ID that is associated with a modification
_ATOBSNO_         Stores the observation number that is affected by the modification
_ATRETURNCODE_    Stores the event return code
_ATMESSAGE_       Stores the SAS log message at the time of the modification
_ATOPCODE_        Stores a code that describes the type of modification
_AT*_ variables
Code    Modification
AL      Auditing is resumed
AS      Auditing is suspended
DA      Added data record image
DD      Deleted data record image
DR      Before-update record image
DW      After-update record image
EA      Observation add failed
ED      Observation delete failed
EU      Observation update failed
_ATOPCODE_ Values
libname space "S:\audit_trail";

data space.audit_sw;
   input var1 var2;
   datalines;
10 100
20 200
30 300
40 400
50 500
;
run;

proc datasets lib=space;
   audit Audit_sw;
   initiate;
run;

/*User 1 actions*/
proc sql;
   insert into space.audit_sw values(60,600);
   delete from space.audit_sw where mod(var1,20)=0;
   update space.audit_sw set var2=999 where var1=10;
quit;
Example
/*Extract audit report*/
proc sql;
   create table space.audit_report as
      select * from space.audit_sw(type=audit);
quit;
Example Contd..
/*User2 actions*/
data audit_ks;
   input var1 var2;
   datalines;
100 239
200 456
;
run;

proc append base=space.audit_sw data=audit_ks;
run;

proc sql;
   insert into space.audit_sw values(230,780);
   delete from space.audit_sw where var1=20;
quit;
Example Contd..
/*Extract audit report*/
proc sql;
   create table space.audit_report as
      select * from space.audit_sw(type=audit);
quit;
Example Contd..
Audit operations
• Initiate
• Suspend
• Resume
• Terminate
proc datasets lib=space;
   audit Audit_sw;
   initiate;
run;
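The audit operations listed above and the user-created variables mentioned earlier, shown together as an added example (not from the original slides). The data set name audit_demo, the variable reason and the sample values are assumptions made for illustration.

```sas
/* Added example: audit_demo, reason and the sample values are constructed */
libname space "S:\audit_trail";

data space.audit_demo;
   input var1 var2;
   datalines;
10 100
20 200
30 300
;
run;

/* INITIATE creates the audit file; USER_VAR adds a variable stored only there */
proc datasets lib=space nolist;
   audit audit_demo;
   initiate;
   log admin_image=yes before_image=yes data_image=yes error_image=yes;
   user_var reason $ 30 label='Reason for change';
run;
quit;

/* The user variable is assigned like a data variable during an update */
proc sql;
   update space.audit_demo set var2=999, reason='Constructed ticket 1' where var1=10;
quit;

/* SUSPEND: later changes are applied but not logged */
proc datasets lib=space nolist;
   audit audit_demo;
   suspend;
run;
quit;

proc sql;
   delete from space.audit_demo where var1=20;   /* leaves no DD record */
quit;

/* RESUME restarts logging */
proc datasets lib=space nolist;
   audit audit_demo;
   resume;
run;
quit;

/* Review: the AS and AL rows bracket the window in which changes went unlogged */
proc sql;
   select _atdatetime_, _atuserid_, _atopcode_, _atobsno_, var1, var2, reason
      from space.audit_demo(type=audit);
quit;
```

TERMINATE is issued the same way as SUSPEND and RESUME; it ends logging and deletes the audit file, so extract any report first.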
Considerations
• Performance considerations
• Audit trail not preserved on files
- copied
- Moved
- sorted in place
- replaced
- transferred to other Operating Environment
• Preserving audit trails when migrating data files (CEDA)
- Migrate
Benefits
- Preservation of Updates
- No special programming requirements
- Flexibility of adding user variables
- Free with Base SAS license
Thank You
Suhail Wali
Ph: 0421 836 020
Email : suhail_wali@hotmail.com