smauditimport.exe fails to populate the smaccesslog4 and smobjlog4 tables properly
search cancel

smauditimport.exe fails to populate the smaccesslog4 and smobjlog4 tables properly

book

Article ID: 278603

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder)

Issue/Introduction

12.8sp7 smauditimport.exe fails to import smaccess_yyyymmdd.log.

After followed the documentation, so that smaccess.log file contains [Auth] and [Az] records from users accessing site, but is also auditing policy server objects changed by an administrator in the AdminUI.

However, smauditimport.exe failed to import smaccess.log file. Sometimes when failing, user also observed app crash message related to smauditimport.exe in the windows event viewer.

smauditimport <installDir>\log\smaccess_yyyymmdd.log exampleDB <example_user> <example_password> -a1 -f

Info : szDbmsName: Microsoft SQL Server
Info : Bulk loading Supported
Error :  Insertion Failed on line 711.
SQLSetStmtAttr failed setting SQL_ATTR_PARAMSET_SIZE of 1.
Table Name = ObjectLogTable SQLState = H, Msg = [
Error :  Insertion Failed on line 770.
SQLSetStmtAttr failed setting SQL_ATTR_PARAMSET_SIZE of 1.
Table Name = ObjectLogTable SQLState = H, Msg = [
Error :  Insertion Failed on line 771.

Environment

Policy server OS: Windows Server 2019 Datacenter 

Policy server version: 12.8; Update: 07.00; Build: 2758

Audit DB and session store: Microsoft SQL Server 2016

Policy server registry setting "Enable Enhance Tracing"=1, and "EscapeAuditFields"=1.

Cause

The import command option a1 or a2, etc. relates to the Enable Enhance Tracing registry setting.

Example: -a1 (Indicates an Enable Enhance Tracing registry setting of 1)

There are 3 types of entries in smaccess_yyyymmdd.log that potentially triggers error due to different format.

e.g.

  • [Category][Event][Reason][Hostname][Time][AgentName].....         

    [========][=====][======][========][                

Above entry is possibly created due to server log recycle/rotation. 

To populate below records in smaccess.log, one will need to use XPSConfig command, and enable those "SM" component fields (LogObj, LogRequest, LogResponse). Which are not enabled out of box.

  • [ManagementCommand][FlushUser][][xxxxxx][dd/mmm/yyyy:hh:mm:ss -0500]...

These records will be imported into smobjlog4 table, not smaccesslog4 table. 

  • [Admin][Create][][xxxxxx][dd/mmm/yyyy:hh:mm:ss -0500][][]......

These records will be imported into smobjlog4 table, not smaccesslog4.

The expectation is that all records are imported in without error, and intelligently distributed to both smaccesslog4 and smobjlog4 tables respectively.

Resolution

Broadcom engineering has provided a fixed 12.8sp7 version smauditimport.exe in the KB attachment.

12.8sp8 is not affected with this issue.

Attachments

smauditimport-12.8.07.zip get_app