We're running a Policy Server on Linux, this one sends log to syslog
service in that format :
Siteminder: AuthAccept ps.training.com [08/Jul/2020:12:48:14 +0200]
"192.168.1.111 uid=jsmith,dc=training,dc=com" "mywa.mydomain-abc.com
GET /home/index.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]
[] []
This happens since we've upgraded Policy Server 12.52SP1 to 12.8. In
Policy Server 12.52SP1, the logs had that format instead :
Siteminder: [Auth][AuthAccept][][ps.training.com][06/Jul/2020:10:02:59
+0200][mywa.mydomain-abc.com][rt2ps3q0JaPbymGud7aW71baNUk=][uid=jsmith,dc=training,dc=com]
[03-000b92e6-11e7-1ef2-9582-0165c0a80000][home][06-000eb2a9-1201-1ef2-9582-0165c0a80000]
[192.168.1.111][/home/index.html?SMSESSION=data_supressed][GET][jsmith][192.168.1.101:389]
[LDAP:][idletime=3600;maxtime=7200;authlevel=5;][][home][][][][][][][][][][06/Jul/2020:10:03:02 +0200]
[06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02 +0200]
[][][][][][BASIC][0][][]
We'd like to know how to get the same log format in Policy Server
12.8. How can we do it ?
Policy Server 12.8SP3 on RedHat 7
At first glance, the format of the smaccess log is driven by a Policy
Server registry key. According to the documentation :
Enhanced Auditing
Enable Enhance Tracing
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/administrating/enhanced-auditing.html
With value of 0, you'll get that log line :
AuthAccept ps.training.com [08/Jul/2020:12:48:14 +0200]
"192.168.1.111 uid=jsmith,dc=training,dc=com" "mywa.mydomain-abc.com
GET /home/index.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]
[] []
With value of 4, you'll get that log line :
[Auth][AuthAccept][][ps.training.com][06/Jul/2020:10:02:59
+0200][mywa.mydomain-abc.com][rt2ps3q0JaPbymGud7aW71baNUk=][uid=jsmith,dc=training,dc=com]
[03-000b92e6-11e7-1ef2-9582-0165c0a80000][home][06-000eb2a9-1201-1ef2-9582-0165c0a80000]
[192.168.1.111][/home/index.html?SMSESSION=data_supressed][GET][jsmith][192.168.1.101:389]
[LDAP:][idletime=3600;maxtime=7200;authlevel=5;][][home][][][][][][][][][][06/Jul/2020:10:03:02
+0200] [06/Jul/2020:10:03:02 +0200][06/Jul/2020:10:03:02
+0200][06/Jul/2020:10:03:02 +0200] [][][][][][BASIC][0][][]