12.8sp7 smauditimport.exe fails to import smaccess_yyyymmdd.log.
After followed the documentation, so that smaccess.log file contains [Auth] and [Az] records from users accessing site, but is also auditing policy server objects changed by an administrator in the AdminUI.
However, smauditimport.exe failed to import smaccess.log file. Sometimes when failing, user also observed app crash message related to smauditimport.exe in the windows event viewer.
smauditimport <installDir>\log\smaccess_yyyymmdd.log exampleDB <example_user> <example_password> -a1 -f
Info : szDbmsName: Microsoft SQL Server
Info : Bulk loading Supported
Error : Insertion Failed on line 711.
SQLSetStmtAttr failed setting SQL_ATTR_PARAMSET_SIZE of 1.
Table Name = ObjectLogTable SQLState = H, Msg = [
Error : Insertion Failed on line 770.
SQLSetStmtAttr failed setting SQL_ATTR_PARAMSET_SIZE of 1.
Table Name = ObjectLogTable SQLState = H, Msg = [
Error : Insertion Failed on line 771.
Policy server OS: Windows Server 2019 Datacenter
Policy server version: 12.8; Update: 07.00; Build: 2758
Audit DB and session store: Microsoft SQL Server 2016
Policy server registry setting "Enable Enhance Tracing"=1, and "EscapeAuditFields"=1.
The import command option a1 or a2, etc. relates to the Enable Enhance Tracing registry setting.
Example: -a1 (Indicates an Enable Enhance Tracing registry setting of 1)
There are 3 types of entries in smaccess_yyyymmdd.log that potentially triggers error due to different format.
e.g.
[Category][Event][Reason][Hostname][Time][AgentName].....
[========][=====][======][========][
Above entry is possibly created due to server log recycle/rotation.
To populate below records in smaccess.log, one will need to use XPSConfig command, and enable those "SM" component fields (LogObj, LogRequest, LogResponse). Which are not enabled out of box.
These records will be imported into smobjlog4 table, not smaccesslog4 table.
These records will be imported into smobjlog4 table, not smaccesslog4.
The expectation is that all records are imported in without error, and intelligently distributed to both smaccesslog4 and smobjlog4 tables respectively.
Broadcom engineering has provided a fixed 12.8sp7 version smauditimport.exe in the KB attachment.
12.8sp8 is not affected with this issue.