SiteMinder AdminUI administrator activity logs in Policy Server
search cancel

SiteMinder AdminUI administrator activity logs in Policy Server

book

Article ID: 258738

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

While running AdminUI, how to monitor activity on AdminUI?



Environment

R12.8.x

Resolution

At first glance, some configuration in the Policy Server allows these activities to be traced. Below us the reference documentation.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-the-policy-server-log-smps-log-and-audit-log-smaccess-log.html

The resulting Administrator activity can be seen in the smaccess.log:

smaccess.log

[Admin][AdminLogin][][ps.example.com][[uid=siteminder,ou=Administrators,ou=SiteMinder,dc=ps,dc=example,dc=com][][][][][][][][][][][Administrative UI Login Success][][][][][][]
[Scheme][Create][][ps.example.com][[][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000][]

xpsexport data:

       <Object Class="CA.SM::AuthScheme" Xid="CA.SM::AuthScheme@0d-000d7c45-31a6-13c1-acfd-0165c0a80000" CreatedDateTime="xxxx.01-13T10:26:03" UpdatedBy="siteminder" UpdateMethod="GUI" ExportType="Replace">
            <Property Name="CA.SM::AuthScheme.IPCheck">

smaccess.log:            

[Scheme][Delete][][ps.example.com]][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][0d-000d7c45-31a6-13c1-acfd-0165c0a80000]

Then create a Domain with Realm, Rule, and Policy:

smaccess.log:

[Domain][Create][][ps.example.com][[][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]
[Realm][Create][][ps.example.com][[][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Rule][Create][][ps.example.com][[][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Policy][Create][][ps.example.com][[][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]

Deletion of the Domain leads to deletion of the Policy, Rule, and Realm:

[Policy][Delete][][ps.example.com][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][04-000c019d-3335-13c1-acfd-0165c0a80000][]
[Rule][Delete][][ps.example.com][][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][0b-0003af3e-3321-13c1-acfd-0165c0a80000][]
[Realm][Delete][][ps.example.com][][siteminder][03-0008b863-32fd-13c1-acfd-0165c0a80000][][][][][][][][][][][][][][test][06-0005ddaa-330c-13c1-acfd-0165c0a80000][]
[Domain][Delete][][ps.example.com][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][test][03-0008b863-32fd-13c1-acfd-0165c0a80000][]

The data will be written in the Audit Database when using an Audit Store.

Policy Server can't write audit logs in smaccess.log at the same time as writing into the database. But it can write it in smaccess log, and then you import them in the Audit Database with the smauditimport tool as per documentation.

That way log data will be written in both smaccess.log and the Audit Database.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-policy-server-data-storage-options/audit-data-import-tool-for-odbc.html

Also note that the Admin UI has its own audit logs in the siteminder_home\audit path. See additional information (3) below.