I'm running SiteMinder Policy server 6 and I'm auditing to a text file, however I do not understand the format of the authorization, authentication and administrative events in the smaccess.log file.
Do you have any documentation about Audit Events?
The following documents will give a quick reference for all authorization, authentication and administrative events.
Logging field descriptions smaccesslog4
For more information, please check SiteMinder Developer's Guide for C Chapter 7: Authentication API, 8: Authorization API and 9: Event API.