When running Policy Server, how to filter the smaccess.log log file, by selecting some specific fields, and removing the AuthLogout event?
At first glance, smaccess.log content can't be configured with the current version 12.8SP6a on the date of May 26th, 2022 (1).
The only filters available are from the smconsole:
"Log All Events"
"Log Rejection Events Only"
"Log No Events"
for Authentication, Authorization, Affiliate Events.
According to the following KD, more or fewer details can be available depending on the value given to the "Enable Enhance Tracing" registry setting (2).
A script to filter the smaccess.log can be developed, as with some group or gawk commands to fit the business needs.
Configure the Policy Server Log (smps.log) and Audit Log (smaccess.log)
The Policy Server log file records information about the status of the
Policy Server. The Policy Server Audit Log section controls
configurable levels of auditing information that can be written to the
audit log, smaccess.log.
Audit log syslog format changed after Policy Server upgrade to 12.8