Customers using Splunk want to set up monitoring of the CA Strong/Risk Authentication logs for failure/exception events. The question has two parts:
1. Is there a known set of exceptions that Splunk can be configured to monitor for failures?
2. Is any specific configuration required on the product side to use Splunk for monitoring?
Release :
Component : AuthMinder(Arcot WebFort)
The answer to both questions is "No".
1. AA does not require any specific configuration to use Splunk.
2. Exceptions to monitor are not called out, because every customer's authentication flow and architecture (for example, distributed or not, using load balancers or not) can be different.
Splunk requires no product-related setup. Just point Splunk to the product logs and set up monitoring. At a high level, identify your authentication flows and the CA Strong/Risk Authentication components that are used in them. For example:
1. Adaptershim (arcotadaptershim.log) -- if SiteMinder integrated
2. SMPS (smps.log) -- if SiteMinder integrated
3. UDS (arcotuds.log)
4. AFM (arcotafm.log)
5. SM (arcotsm.log)
6. RiskMinder (arcotriskfort.log)
7. AuthMinder (arcotwebfort.log)
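A Splunk forwarder `inputs.conf` sketch for the log files listed above, added here as an illustration and not taken from the product documentation. The directory placeholders (`<ARCOT_HOME>/logs`, `<ADAPTER_LOG_DIR>`, `<SMPS_LOG_DIR>`), the index name and the sourcetype names are assumptions to replace with your own values.

```ini
# inputs.conf on the forwarder running on each Advanced Authentication host.
# All paths are placeholders; all index/sourcetype names are hypothetical.
# One sourcetype per component, because the log formats differ between
# components (see the format references below), so field extractions and
# failure/exception searches can be tuned per component.

[monitor://<ARCOT_HOME>/logs/arcotwebfort.log]
index = aa_auth
sourcetype = aa:webfort
disabled = false

[monitor://<ARCOT_HOME>/logs/arcotriskfort.log]
index = aa_auth
sourcetype = aa:riskfort
disabled = false

[monitor://<ARCOT_HOME>/logs/arcotuds.log]
index = aa_auth
sourcetype = aa:uds
disabled = false

[monitor://<ARCOT_HOME>/logs/arcotafm.log]
index = aa_auth
sourcetype = aa:afm
disabled = false

[monitor://<ARCOT_HOME>/logs/arcotsm.log]
index = aa_auth
sourcetype = aa:statemanager
disabled = false

# Only when the flow is SiteMinder integrated.
[monitor://<ADAPTER_LOG_DIR>/arcotadaptershim.log]
index = aa_auth
sourcetype = aa:adaptershim
disabled = false

[monitor://<SMPS_LOG_DIR>/smps.log]
index = aa_auth
sourcetype = siteminder:smps
disabled = false
```

Keep only the stanzas for components that are actually part of your authentication flow, and deploy each stanza on the host where that component writes its log.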
Format of Strong Authentication Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/ca-strong-authentication-java-developers-information/ca-strong-authentication-logging-and-your-application/format-of-ca-strong-authentication-log-files.html
Format of UDS and Administration Console Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/building/ca-risk-authentication-web-services-developers-information/risk-authentication-logging/format-of-uds-and-administration-console-log-files.html
Format of Risk Authentication Server and Case Management Server Log Files - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/administrating/administrating-ca-risk-authentication/logs/about-the-log-files/format-of-ca-risk-authentication-server-and-case-management-server-log-og-files.html
Adapter Log File - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/installing/ca-adapter-installation/ca-adapter-configuration-files-and-options/ca-adapter-log-file.html
State Manager Log File - https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/installing/ca-adapter-installation/ca-adapter-configuration-files-and-options/state-manager-log-file.html