Skip to content

sas-proc-mon

Running the module

Linux

RHEL7+

To control the module, use systemctl as either root or using sudo:

systemctl start sas-proc-mon
systemctl stop sas-proc-mon
systemctl restart sas-proc-mon
systemctl status sas-proc-mon

RHEL6.x

To control the module, use initctl as either root or using sudo:

start sas-proc-mon
stop sas-proc-mon
restart sas-proc-mon
status sas-proc-mon

If the module fails to start check the ESM agent logs folder for a file called sas-proc-mon_nohup.log. This file will contain information about the cause of the failure. If the module starts successfully, you can check the logs folder for a file called mod-sas-proc-mon.log which will contain logging information from the module.

Windows

To control the module, use the Windows "Services" application.

Configuration Reference

Setting Sub-Setting Type Description
frequency int Amount of time between iterating over all log directories specified in logLocations.
maxFileAge int Time in miliseconds after which we consider a file "stale" and no longer keep checking it.

If a file gets touched again then we read what's new.
minRealTime float The amount of decimal time (seconds.miliseconds) that we consider to be the minimum for including as an event. Used to exclude lost of very small PROC events. Minimum is 0.00
logThresholds time int Used for debugging. If an iteration of the main loop process takes long than this amount (time in seconds) then a message is output to the log.
sasType dict The type of SAS environment that we are checking against.
sas9ConfigRoot dict When sasType is set to v9, this is the location of the "LevX" folder of the SAS configuration.
capture_data_access boolean Whether or not data access events should be captured. If enabled, the logging configuration for this needs to be updated as per the documentation below.
checkLogHasProcess boolean Whether or not the PID should be checked on the host where the module is running. Useful in multi-node environments that have a common logging location.
file_encoding string The encoding of the log files to be read.
v9ServerTypes nameCheckString string A unique string in the filename for this process type to identify it. Useful when all server logs are written to the same directory.
v9ServerTypes logconfig object Specified the fileName to look for for logging parameters, as well as the appender and parameter name to find the log file.
v9ServerTypes directory object Override the logconfig behaviour with a hardcoded directory for where we can expect all log files of this server type to be found.
v9ServerTypes pathModifier object In most scenarios the path is fixed and the filename is variable. In some instances, additional variables are added into the path (e.g. username). In these cases the path should be modified to be the last "fixed" path. This option should most likely be used with the traverse option.
v9ServerTypes traverse boolean If True all subfolders of the logs directory will be added to the watch list.
v9ServerTypes serverType dict This is the type of server that we are looking for. This corresponds to the folder types with the application server context.
v9ServerTypes searchStrings dict These are the regexes that are used to capture the events from the SAS logs.

By default they are configured for a %d - %m conversion pattern which provides all of the data that this module needs while minimizing file size and maximising standard readability.
viyaServerTypes serverType dict This is the type of server that we are looking for.
viyaServerTypes directory dict This is the location that we are looking for logfiles.
viyaServerTypes searchStrings dict These are the regexes that are used to capture the events from the SAS logs.

By default they are configured for a %d - %m conversion pattern which provides all of the data that this module needs while minimizing file size and maximising standard readability.
Last update: April 24, 2023
Created: April 24, 2023