Previous Page | Next Page

The DATASETS Procedure

AUDIT Statement

Initiates and controls event logging to an audit file as well as suspends, resumes, or terminates event logging in an audit file.
Tip: The AUDIT statement takes one of two forms, depending on whether you are initiating the audit trail or suspending, resuming, or terminating event logging in an audit file.
See also: "Understanding an Audit Trail" in SAS Language Reference: Concepts
AUDIT SAS-file <(SAS-password)>;
INITIATE
<AUDIT_ALL=NO|YES>;
<LOG <ADMIN_IMAGE=YES|NO>
<BEFORE_IMAGE=YES|NO>
<DATA_IMAGE=YES|NO>
<ERROR_IMAGE=YES|NO>>;
<USER_VAR variable-1 <... variable-n>>;
AUDIT SAS-file <(<SAS-password> <GENNUM= integer>)>;
SUSPEND|RESUME|TERMINATE;

Required Arguments and Statements

SAS-file

specifies the SAS data file in the procedure input library that you want to audit.

INITIATE

creates an audit file that has the same name as the SAS data file and a data set type of AUDIT. The audit file logs additions, deletions, and updates to the SAS data file. You must initiate an audit trail before you can suspend, resume, or terminate it.

Options

SAS-password

specifies the password for the SAS data file, if one exists. The parentheses are required.

GENNUM=integer

specifies that the SUSPEND, RESUME, or TERMINATE action be performed on the audit trail of a generation file. You cannot initiate an audit trail on a generation file. Valid values for GENNUM= are integer, which is a number that references a specific version from a generation group. Specifying a positive number is an absolute reference to a specific generation number that is appended to a data set's name; that is, gennum=2 specifies MYDATA#002. Specifying a negative number is a relative reference to a historical version in relation to the base version, from the youngest to the oldest; that is, gennum=-1 refers to the youngest historical version. Specifying 0, which is the default, refers to the base version. The parentheses are required.

AUDIT_ALL=NO|YES

specifies whether logging can be suspended and audit settings can be changed. AUDIT_ALL=YES specifies that all images are logged and cannot be suspended. That is, you cannot use the LOG statement to turn off logging of particular images, and you cannot suspend event logging by using the SUSPEND statement. To turn off logging, you must use the TERMINATE statement, which terminates event logging and deletes the audit file.

Default: NO
LOG

specifies the audit settings:

ADMIN_IMAGE=YES|NO

specifies whether the administrative events are logged to the audit file (that is, the SUSPEND and RESUME actions).

BEFORE_IMAGE=YES|NO

specifies whether the before-update record images are logged to the audit file.

DATA_IMAGE=YES|NO

specifies whether the added, deleted, and after-update record images are logged to the audit file.

ERROR_IMAGE=YES|NO

specifies whether the after-update record images are logged to the audit file.

Default: All images are logged by default; that is, all four are set to YES.
Tip: If you do not want to log a particular image, specify NO for the image type. For example, the following code turns off logging the error images, but the administrative, before, and data images continue to be logged: 
log error_image=no;
USER_VAR variable-1 < ... variable-n>

defines optional variables to be logged in the audit file with each update to an observation. The following syntax defines variables:

USER_VAR variable-name-1 <$> <length> <LABEL='variable-label' >
<... variable-name-n <$> <length> <LABEL='variable-label' > >
where
variable-name

is a name for the variable.

$

indicates that the variable is a character variable.

length

specifies the length of the variable. If a length is not specified, the default is 8.

LABEL='variable-label'

specifies a label for the variable.

You can define attributes such as format and informat for the user variables in the data file by using the PROC DATASETS MODIFY statement.

SUSPEND

suspends event logging to the audit file, but does not delete the audit file.

RESUME

resumes event logging to the audit file, if it was suspended.

TERMINATE

terminates event logging and deletes the audit file.

Creating an Audit File

The following example creates the audit file MYLIB.MYFILE.AUDIT to log updates to the data file MYLIB.MYFILE.DATA, storing all available record images:

proc datasets library=MyLib;
   audit MyFile (alter=MyPassword);
   initiate;
run;

The following example creates the same audit file but stores only error record images:

proc datasets library=MyLib;
   audit MyFile (alter=MyPassword);
   initiate
      log data_image=NO before_image=NO;
run;

Previous Page | Next Page | Top of Page

Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.