search cancel

Auditing failed with exception in IM server.log

book

Article ID: 201823

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

We note the following errors in our Identity Manager IMServer logs.

We are not seeing any specific impact on the product, but would like to understand these ERROR messages in the log file, for example:

2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Exception caught during writing to table imsAuditObjectRelationship12: null
2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Auditing failed with exception [ null ]
2020-10-20 11:30:37,608 ERROR [ims.audit] (Thread-87184 (HornetQ-client-global-threads-794980076)) Audited records are ROLLEDBACK
2020-10-20 11:30:37,608 ERROR [ims.default] (Thread-87184 (HornetQ-client-global-threads-794980076)) Exception received while writing audit Data: "null"


Cause

This is due to an Auditing Feature which a majority of our customers aren't using.  The Identity Manager's audit in intended to be used capture authentication events such as login or logout. More often out clients use Site Minder as the authentication gateway and if at all then the auditing would be performed by SSO.
Nevertheless, this is possible via Identity Manager's auditing configuration. To do that you export the auditing xml file (enviroments -> IME -> advanced settings -> audit -> export), then edit accordingly and import back (and start the IME again).

However, these events, as it turns out, will cause NULL problems in the app server log and will not audit correctly and 'cannot insert null value' errors will appear in the logs:

2015-01-13 15:28:09,455 ERROR [ims.audit] (http-0.0.0.0-8080-26) Exception inserting into imsAuditEvent12: Event: Login message: Cannot insert the value NULL into column 'admin_dn', table 'IMPRODAUDIT.dbo.imsAuditEvent12'; column  does not allow nulls. INSERT fails.
2015-01-13 15:28:09,455 ERROR [ims.audit] (http-0.0.0.0-8080-26) Auditing  failed with exception [ Cannot insert the value NULL into column 'admin_dn', table  IMPRODAUDIT.dbo.imsAuditEvent12'; column does not allow nulls. INSERT fails. ]
2015-01-13 15:28:09,456 ERROR [ims.audit] (http-0.0.0.0-8080-26) Audited records are ROLLEDBACK


This is happening due to that the 'admin_dn' column is defined not to accept NULL characters. However, the Login/Logout events have no administrator associated with them since only the authenticating user is involved and so the admin_dn is actually Null and therefore the audit db table throws the above exception.

 

Environment

Release : 14.2, 14.3, 14.4

Component : IdentityMinder(Identity Manager)

Resolution

In order to fix that you will need to change the definition of the 'admin_dn' column in the 'imsAuditEvent12' table and allow it to accept NULL characters. The easiest way to get this done would be to use the two provided scripts under: \CA\Identity Manager\IAM Suite\Identity Manager\tools\db\auditing\<YOUR DB TYPE>

- ims_mssql_audit_delete.sql should be run first and will delete the entire audit database.

- ims_mssql_audit.sql should run afterwards and will recreate the DB.

However, before running this second one, please make a copy of it, look for: CREATE TABLE [imsAuditEvent12] this will take you to the place where the table definition is. Then, one of

the columns is admin_dn. You should edit that line of this admin_dn to be:

[admin_dn] [nvarchar] (512) NULL ,

Instead of:

[admin_dn] [nvarchar] (512) NOT NULL ,

 

This change is what will allow this column to accept nulls. 

Save the script file and run it.

At this point the auditing errors should be cleared from the logs.