Siteminder can be configured to record user audit data either to a text file (smaccess.log) locally on the Policy Server or directly to an ODBC Audit Store database. Using the 'smauditimport' tool, the 'smaccess.log' files can be imported into an ODBC Audit Store manually, or the import can be run from a custom script.
PRODUCT: Siteminder
COMPONENT: Policy Server
VERSION: r12.8.x and higher
FEATURE: User Auditing
The "smauditimport" tool can be used to import the Siteminder audit logs from a text file into the ODBC Audit Store.
Windows (Default): C:\Program Files\CA\siteminder\bin\smauditimport.exe
Linux (Default): /opt/CA/siteminder/bin/smauditimport
Usage: smauditimport <filename> <DSN> <username> <password> -a<1|2|3>-vfb <bulkloadsize> -s5|6
filename : Full path to the log file you want to import.
DSN : Data Source Name.
username : DB user name.
password : DB password.
-a<n> : audit mode schema to use for upload. -a<1|2|3|4>. (This value is
synchronized with "Enable Enhance Tracing" registry on the Policy Server.)
1 – Enables enhanced auditing
2 – Logs assertion attributes
3 – Logs assertion attributes and the authentication method that authenticates a user accessing a resource.
4 – Logs assertion attributes, the authentication method, and Enhanced Session Assurance with DeviceDNA™ information
-v : (optional) verify
-f : (optional) force
-s : (optional) schema version, Please type '-s5' Or '-s6'.
-b <bulkloadsize> : (optional) number of records to bulk insert at a time.
Default is 100.
Example:
smauditimport c:\mylogs\smaccess.log "SM SQL Server Wire DS" dbuser dbpassword -a3 -v -s6
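The introduction mentions running the import from a custom script. The following is an added example of such a script for a Linux Policy Server, not code from the vendor or from this article. It assumes rotated logs are named smaccess.log.*, that smauditimport exits non-zero on failure, and it uses hypothetical function names and ".imported" marker files.

```shell
#!/bin/sh
# Added example, not vendor code: import rotated smaccess.log files into the
# ODBC Audit Store with smauditimport, e.g. from cron on a Linux Policy Server.
# Assumptions: rotated files match smaccess.log.* (the active smaccess.log is
# left alone); function names and ".imported" marker files are hypothetical.
SMAUDITIMPORT="${SMAUDITIMPORT:-/opt/CA/siteminder/bin/smauditimport}"

# Import one file. Arguments are passed in the order of the tool's usage text.
import_one() {  # <file> <dsn> <user> <password> <audit_mode> <schema> [bulk]
  case $5 in 1|2|3|4) ;; *) echo "bad audit mode: $5" >&2; return 2 ;; esac
  case $6 in 5|6) ;; *) echo "bad schema version: $6" >&2; return 2 ;; esac
  case ${7:-100} in *[!0-9]*) echo "bad bulk load size: $7" >&2; return 2 ;; esac
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  # smauditimport takes the password as an argument, so it is visible in the
  # process list while the import runs; keep it out of scripts and crontabs.
  "$SMAUDITIMPORT" "$1" "$2" "$3" "$4" "-a$5" -v "-s$6" -b "${7:-100}"
}

# Import every rotated log in <dir> once; non-zero if any import failed.
import_rotated_logs() {  # <dir> <dsn> <user> <password_file> <audit_mode> <schema>
  case $(ls -ld "$4" 2>/dev/null) in
    -r--------*|-rw-------*) ;;
    *) echo "$4 must exist with mode 0400 or 0600" >&2; return 1 ;;
  esac
  pw=$(cat "$4") rc=0
  for log in "$1"/smaccess.log.*; do
    case $log in *.imported) continue ;; esac   # skip our own marker files
    [ -f "$log" ] || continue                   # glob matched nothing
    [ -e "$log.imported" ] && continue          # already loaded, avoid duplicates
    if import_one "$log" "$2" "$3" "$pw" "$5" "$6"; then
      : > "$log.imported"
    else
      echo "import failed: $log" >&2; rc=1
    fi
  done
  return $rc
}

# Entry point when called with: <dir> <dsn> <user> <pwfile> <audit_mode> <schema>
if [ "$#" -eq 6 ]; then import_rotated_logs "$@"; fi
```

The audit mode and schema version passed to the script must match the Policy Server's own settings, as described in the option list above.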
Pre-Requisites:
1) DSN on the Policy Server connecting to the ODBC Audit Store
2) Policy Server configured to escape audit fields
The characters '[', ']', or '\' appearing in a field in the policy or user store require a preceding escaping character '\' (backslash). These characters appear because they have been used in fields like username, realm name, and so on.
Set the following registry value to escape these characters automatically:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig
Value Type: DWORD VALUE
Value Name: EscapeAuditFields
Value Data: 1
Note:
See KB54446 "Enhanced TEXT Auditing Feature in SiteMinder Policy Server"