What SQL statements are used to get SiteMinder audit Reports?

Article Id: 53123

Status: Published

Updated On: 21-03-2018 06:16

Legacy Id: TEC499455

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

Description

Customer is required to get audit data from the SQL database but does not want to use the reports server. Do you have some template or SQL that can help me to generate audit reports?

Solution

You can use the following queries to generate audit reports via SQL.
Please note that the following queries are example and they are not supported by SiteMinder Support.

Activity Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER}

User Activity Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_SESSIONID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4      
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER}

Agent Activity Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER} AND
    SM_CATEGORYID" < 3

Resource Activity Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_HOSTNAME,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER} AND
    SM_CATEGORYID < 3

Intrusion Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER} AND
    SM_EVENTID IN (2,3,6,9)

Intrusion by User Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER} AND
    SM_EVENTID IN (2,3,6,9)

Intrusion by Agent Report

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_USERNAME,
    SM_AGENTNAME,
    SM_REALMNAME,
    SM_CLIENTIP,
    SM_DOMAINOID,
    SM_RESOURCE,
    SM_STATUS
FROM
    smaccesslog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_AGENTNAME = {AGENT NAME PARAMTER} AND
    SM_DOMAINOID = {DOMAIN ID PARAMETER} AND
    SM_EVENTID IN (2,3,6,9)

Administrative Activity Report (Only valid in version 6)

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_SESSIONID,
    SM_USERNAME,
    SM_OBJNAME,
    SM_FIELDDESC
FROM
    smobjlog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER}

Object Activity Report (Only valid in version 6)

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_SESSIONID,
    SM_USERNAME,
    SM_OBJNAME,
    SM_FIELDDESC
FROM
    smobjlog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER} AND
    SM_CATEGORYID > 1

Administrative Activity by Administrator Report (Only valid in version 6)

SELECT
    SM_TIMESTAMP,
    SM_CATEGORYID,
    SM_EVENTID,
    SM_SESSIONID,
    SM_USERNAME,
    SM_OBJNAME,
    SM_FIELDDESC
FROM
    smobjlog4 
WHERE
    SM_TIMESTAMP >= {START DATE PARAMETER} AND
    SM_TIMESTAMP <= {END DATE PARAMETER} AND
    SM_USERNAME = {USER NAME PARAMETER}

Environment:

Release:
Component: SMPLC