Audit log file smaccess.log filter configuration in Policy Server

book

Article ID: 242532

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running Policy Server, how to filter the smaccess.log log file, by selecting some specific fields, and removing the AuthLogout event?

 

Resolution

 

At first glance, smaccess.log content can't be configured with the current version 12.8SP6a on the date of May 26th, 2022 (1).

The only filters available are from the smconsole:

    "Log All Events"
  or
    "Log Rejection Events Only"
  or 
    "Log No Events"

for Authentication, Authorization, Affiliate Events.

According to the following KD, more or fewer details can be available depending on the value given to the "Enable Enhance Tracing" registry setting (2).

A script to filter the smaccess.log can be developed, as with some group or gawk commands to fit the business needs.

 

Additional Information

 

(1)

    Configure the Policy Server Log (smps.log) and Audit Log (smaccess.log)

      The Policy Server log file records information about the status of the
      Policy Server. The Policy Server Audit Log section controls
      configurable levels of auditing information that can be written to the
      audit log, smaccess.log.

 

(2)

        Audit log syslog format changed after Policy Server upgrade to 12.8