SiteMinder AdminUI administrator activity logs in Policy Server
search cancel

SiteMinder AdminUI administrator activity logs in Policy Server

book

Article ID: 258738

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

 

When running AdminUI, how to monitor activity on AdminUI?

Having enabled debug logs on AdminUI, no activity is seen in the AdminUI logs regarding:

  • Adding or removing an Authentication Scheme;
  • Adding or removing a Policy, a Domain, etc.;

Resolution

 

At first glance, some configuration in the Policy Server allows these activities to be traced (1).

The resulting Administrator activity can be seen in the smaccess.log:

smaccess.log

[Admin][AdminLogin][][ps.training.com][13/Jan/2023:11:24:52 +0100][][][uid=siteminder,ou=Administrators,ou=SiteMinder,dc=ps,dc=training,dc=com][][][][][][][][][][][Administrative UI Login Success][][][][][][]
[Scheme][Create][][ps.training.com][13/Jan/2023:11:26:03 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000][]

xpsexport data:

       <Object Class="CA.SM::AuthScheme" Xid="CA.SM::[email protected]" CreatedDateTime="2023-01-13T10:26:03" UpdatedBy="siteminder" UpdateMethod="GUI" ExportType="Replace">
            <Property Name="CA.SM::AuthScheme.IPCheck">

smaccess.log:            

[Scheme][Delete][][ps.training.com][13/Jan/2023:11:29:53 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000][]

Then create a Domain with Realm, Rule, and Policy:

smaccess.log:

[Domain][Create][][ps.training.com][13/Jan/2023:11:32:53 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]
[Realm][Create][][ps.training.com][13/Jan/2023:11:32:55 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Rule][Create][][ps.training.com][13/Jan/2023:11:32:56 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Policy][Create][][ps.training.com][13/Jan/2023:11:32:56 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]

Deletion of the Domain leads to deletion of the Policy, Rule, and Realm:

[Policy][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]
[Rule][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Realm][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Domain][Delete][][ps.training.com][13/Jan/2023:11:34:13 +0100][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]

The data will be written in the Audit Database when using an Audit Store.

Policy Server can't write audit logs in smaccess.log at the same time as writing into the database. But it can write it in smaccsess, and then you import them in the Audit Database with the smauditimport tool as per documentation (1)(2).

That way log will be written in both smaccess.log and the Audit Database.

 

Additional Information

 

(1)

    How to log AdminUI activity to the Policy Server smaccess.log
    

(2)

    Audit Data Import Tool for ODBC

      The Policy Server can store audit data in an ODBC database or output
      audit data to a text file.

      [...omitted for brevity...]

      The tool smauditimport reads a SiteMinder audit data text file and
      imports it into an ODBC database. The tool is located in the \bin
      directory under the Policy Server installation directory.