SiteMinder AdminUI administrator activity logs in Policy Server
Article ID: 258738
Updated On:
Products
Issue/Introduction
When running AdminUI, how to monitor activity on AdminUI?
Having enabled debug logs on AdminUI, no activity is seen in the AdminUI logs regarding:
- Adding or removing an Authentication Scheme;
- Adding or removing a Policy, a Domain, etc.;
Resolution
At first glance, some configuration in the Policy Server allows these activities to be traced (1).
The resulting Administrator activity can be seen in the smaccess.log:
smaccess.log
[Admin][AdminLogin][][ps.training.com][13/Jan/2023:11:24:52 +0100][][][uid=siteminder,ou=Administrators,ou=SiteMinder,dc=ps,dc=training,dc=com][][][][][][][][][][][Administrative UI Login Success][][][][][][]
[Scheme][Create][][ps.training.com][13/Jan/2023:11:26:03 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000][]
xpsexport data:
<Object Class="CA.SM::AuthScheme" Xid="CA.SM::[email protected]" CreatedDateTime="2023-01-13T10:26:03" UpdatedBy="siteminder" UpdateMethod="GUI" ExportType="Replace">
<Property Name="CA.SM::AuthScheme.IPCheck">
smaccess.log:
[Scheme][Delete][][ps.training.com][13/Jan/2023:11:29:53 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000][]
Then create a Domain with Realm, Rule, and Policy:
smaccess.log:
[Domain][Create][][ps.training.com][13/Jan/2023:11:32:53 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]
[Realm][Create][][ps.training.com][13/Jan/2023:11:32:55 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Rule][Create][][ps.training.com][13/Jan/2023:11:32:56 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Policy][Create][][ps.training.com][13/Jan/2023:11:32:56 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]
Deletion of the Domain leads to deletion of the Policy, Rule, and Realm:
[Policy][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]
[Rule][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Realm][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Domain][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]
The data will be written in the Audit Database when using an Audit Store.
Policy Server can't write audit logs in smaccess.log at the same time as writing into the database. But it can write it in smaccsess, and then you import them in the Audit Database with the smauditimport tool as per documentation (1)(2).
That way log will be written in both smaccess.log and the Audit Database.
Additional Information
(1)
How to log AdminUI activity to the Policy Server smaccess.log
(2)
Audit Data Import Tool for ODBC
The Policy Server can store audit data in an ODBC database or output
audit data to a text file.
[...omitted for brevity...]
The tool smauditimport reads a SiteMinder audit data text file and
imports it into an ODBC database. The tool is located in the \bin
directory under the Policy Server installation directory.
Feedback
