Import Siteminder Audit Text Files Into an ODBC Audit Store
search cancel

Import Siteminder Audit Text Files Into an ODBC Audit Store

book

Article ID: 53544

calendar_today

Updated On:

Products

CA Single Sign-On SITEMINDER

Issue/Introduction

Siteminder can be configured to record user audit data to either a test file (smaccess.log) locally on the Policy Server, or directory to an ODBC Audit Store database.  Using the 'smauditimport' tool the 'smaccess.log' files can be imported into an ODBC Audit Store manually, or configured to be imported via a custom script.

 

Environment

PRODUCT: Siteminder

COMPONENT: Policy Server

VERSION: r12.8.x and higher

FEATURE: User Auditing

Resolution

 

The "smauditimport" tool can be used to import the Siteminder audit logs from test file into the ODBC Audit Store.   

Windows (Default): C:\Program Files\CA\siteminder\bin\smauditimport.exe

Linux (Default): \opt\CA\siteminder\bin\smauditimport

 

Usage:  smauditimport <filename> <DSN> <username> <password> -a<1|2|3>-vfb <bulkloadsize> -s5|6
    filename          :  Full path to the log file you want to import.
    DSN               :  Data Source Name.
    username          :  DB user name.
    password          :  DB password.
    -a<n>             :  audit mode schema to use for upload. -a<1|2|3|4>. (This value is
                         synchronized with "Enable Enhance Tracing" registry on the Policy Server.)
                         1 – Enables enhanced auditing
                         2 – Logs assertion attributes
                         3 – Logs assertion attributes and the authentication method that authenticates a user accessing a resource.
                         4 – Logs assertion attributes, the authentication method, and Enhanced Session Assurance with DeviceDNA™ information

    -v                :  (optional) verify
    -f                :  (optional) force
    -s                :  (optional) schema version, Please type '-s5' Or '-s6'.
    -b <bulkloadsize> :  (optional) number of records to bulk insert at a time.
                         Default is 100.

Example:

smauditimport c:\mylogs\smaccess.log -a1 "SM SQL Server Wire DS" dbuser dbpassword -a3 -v -s6

Pre-Requisites:

1) DSN on the Policy Server connecting to the ODBC Audit Store

2) Policy Server configured to escape audit fields

The characters '[', ']', or '\' appearing in a field in the policy or user store require a preceding escaping character '\' (backslash). These characters appear because they have been used in fields like username, realm name, and so on.
Set the following registry key, to escape these characters automatically:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig

Value Type: DWORD VALUE
Value Name: EscapeAuditFields
Value Data: 1

Note:

  • By default Siteminder only writes a limited sub-set of the fields which are written to when Auditing directly to the ODBC Data Store.  To increase the amount of fields are written to the audit logs when writing to Txt (smaccess.log) to match the fields in the ODBC audit store, you will need to enable enhanced audit tracing on the policy server where the audit text files are being written.

See KB54446 "Enhanced TEXT Auditing Feature in SiteMinder Policy Server"

  • The <username> and <password> attributes are considered Mandatory and must be passed in the command.

 

 

Additional Information

KB54446 "Enhanced TEXT Auditing Feature in SiteMinder Policy Server"

Audit Data Import Tool for ODBC

Enhanced Auditing

EscapeAuditFields

Powered by Wolken Software