Question:
1. Where can I find the administrator audit events log?
2. How do I log administrator audit events (object creation, deletion, modification, etc.) in the smaccess log?
3. Where can I find administrator login/logoff events from the Administrative UI?
Answer:
1. Where can I find the administrator audit events log?
From SiteMinder version 12.x onwards, administrator audit events are *NOT* logged in the smaccess log by default. Instead, they are logged in 3 separate log files (.txn, .audit, .access) under the <siteminder_home>/audit directory.
See the following documentation for details:
https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/administrating/configure-the-policy-server-logs#ConfigurethePolicyServerLogs-RecordAdministratorChangestoPolicyStoreObjects
2. How do I log administrator audit events (object creation, deletion, modification, etc.) in the smaccess log?
If you wish to see the administrator audit events in the smaccess log, edit the registry keys under the Reports section on the Policy Server machine and set LogObj to 1.
Windows:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Reports]
"LogObj"=dword:00000001
Linux/Unix:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports=892232305
LogObj= 0x1; REG_DWORD
Restart the policy server to pick up the changes.
After making the above registry change, a pop-up warning message appears every time you open smconsole.
Warning Message: Logging of admin changes to policy store should not be enabled. It would be logged by XPSAudit. Please check Logs tab.
The warning appears because this change is not recommended for security reasons: many people in the organization will have access to smaccess.log and can see all the admin activity.
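To check whether a Policy Server has this setting turned on, the following added example (not CA/SiteMinder code) parses registry text in either notation shown above and reports the LogObj value under the Reports key. The function names and sample contents are assumptions constructed for illustration, and the parser assumes the file follows the notation shown on this page.

```python
import re

# Reports key header, in both notations shown above:
#   Windows .reg export: [HKEY_LOCAL_MACHINE\...\Reports]
#   Linux/Unix:          HKEY_LOCAL_MACHINE\...\Reports=892232305
KEY_RE = re.compile(r"^\[?(HKEY_[^\]=]+?)\]?(?:=\d+)?$")
# LogObj value line: "LogObj"=dword:00000001  or  LogObj= 0x1; REG_DWORD
VAL_RE = re.compile(
    r'^"?LogObj"?\s*=\s*(?:dword:([0-9a-f]+)|(0x[0-9a-f]+|\d+))', re.I)
REPORTS_SUFFIX = r"\siteminder\currentversion\reports"

def logobj_setting(text):
    """Return LogObj under the Reports key as an int, or None if not set."""
    in_reports = False
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Track which key the following value lines belong to.
            in_reports = key.group(1).lower().endswith(REPORTS_SUFFIX)
        elif in_reports:
            val = VAL_RE.match(line)
            if val:
                num = val.group(2) or ""
                if val.group(1) or num.lower().startswith("0x"):
                    return int(val.group(1) or num, 16)
                return int(num)
    return None

def admin_changes_in_smaccess(text):
    """True when LogObj=1, i.e. admin changes are logged in smaccess.log."""
    return logobj_setting(text) == 1

# Constructed samples (hypothetical file contents, not taken from a real host).
WINDOWS_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Reports]
"LogObj"=dword:00000001
'''
UNIX_SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports=892232305
LogObj= 0x1; REG_DWORD
'''
UNIX_DISABLED = UNIX_SAMPLE.replace("0x1", "0x0")

if __name__ == "__main__":
    for name, sample in [("windows", WINDOWS_SAMPLE), ("unix", UNIX_SAMPLE),
                         ("unix-disabled", UNIX_DISABLED)]:
        print(name, "admin changes exposed in smaccess.log:",
              admin_changes_in_smaccess(sample))
```

A True result means anyone who can read smaccess.log can also see administrator activity, so review read access to that file before leaving the setting enabled.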
3. Where can I find administrator login/logoff events from the Administrative UI?
Administrator login/logoff events from the Administrative UI are no longer logged in either smaccess.log or the .audit files.
This is by design: in r12.5 and above, this functionality is achieved by protecting the Administrative UI with a SiteMinder agent, which enables the same auditing features as for any other protected application.
NOTE:
For the Policy Server to generate smaccess.log, you must enable audit logging and set it to log all events in smconsole under the LOGS tab.
Additional Information:
Look up “Record Administrator Changes to Policy Store Objects” in the Policy Server documentation.