syslog format changed after upgrade to 12.8

Article Id: 195330
Status: Published
Updated On: 17-07-2020 08:49
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , CA Single Sign On Agents (SiteMinder) , CA Single Sign On Federation (SiteMinder) , CA Single Sign On SOA Security Manager (SiteMinder) , SITEMINDER
Issue/Introduction:

 

We're running a Policy Server on Linux, this one sends log to syslog
service in that format :

  Siteminder: AuthAccept ps.training.com [08/Jul/2020:12:48:14 +0200]
  "192.168.1.111 uid=jsmith,dc=training,dc=com" "mywa.mydomain-abc.com
  GET /home/index.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]
  [] []

This happens since we've upgraded Policy Server 12.52SP1 to 12.8. In
Policy Server 12.52SP1, the logs had that format instead :

  Siteminder: [Auth][AuthAccept][][ps.training.com][06/Jul/2020:10:02:59
  +0200][mywa.mydomain-abc.com][rt2ps3q0JaPbymGud7aW71baNUk=][uid=jsmith,dc=training,dc=com]
  [03-000b92e6-11e7-1ef2-9582-0165c0a80000][home][06-000eb2a9-1201-1ef2-9582-0165c0a80000]
  [192.168.1.111][/home/index.html?SMSESSION=data_supressed][GET][jsmith][192.168.1.101:389]
  [LDAP:][idletime=3600;maxtime=7200;authlevel=5;][][home][][][][][][][][][][06/Jul/2020:10:03:02 +0200]
  [06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02 +0200]
  [][][][][][BASIC][0][][]

We'd like to know how to get the same log format in Policy Server
12.8. How can we do it ?

 

Environment:

 

Policy Server 12.8SP3 on RedHat 7

 

Resolution:

 

At first glance, the format of the smaccess log is driven by a Policy
Server registry key. According to the documentation :

  Enhanced Auditing

    Enable Enhance Tracing

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/administrating/enhanced-auditing.html

With value of 0, you'll get that log line :

  AuthAccept ps.training.com [08/Jul/2020:12:48:14 +0200]
  "192.168.1.111 uid=jsmith,dc=training,dc=com" "mywa.mydomain-abc.com
  GET /home/index.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]
  [] []

With value of 4, you'll get that log line :

  [Auth][AuthAccept][][ps.training.com][06/Jul/2020:10:02:59
  +0200][mywa.mydomain-abc.com][rt2ps3q0JaPbymGud7aW71baNUk=][uid=jsmith,dc=training,dc=com]
  [03-000b92e6-11e7-1ef2-9582-0165c0a80000][home][06-000eb2a9-1201-1ef2-9582-0165c0a80000]
  [192.168.1.111][/home/index.html?SMSESSION=data_supressed][GET][jsmith][192.168.1.101:389]
  [LDAP:][idletime=3600;maxtime=7200;authlevel=5;][][home][][][][][][][][][][06/Jul/2020:10:03:02
  +0200] [06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02
  +0200][06/Jul/2020:10:03:02 +0200] [][][][][][BASIC][0][][]