The SiteMinder Policy Server can be configured to record user audit data to either a text file (smaccess.log) locally on the Policy Server, to an ODBC Audit Store database.

Using the 'smauditimport' tool, the 'smaccess.log' files can be imported into an ODBC Audit Store manually, or configured to be imported via a custom script.

 
The "smauditimport" tool can be used to import the SiteMinder Policy Server audit logs from text file into the ODBC Audit Store.

Windows (Default): C:\{home_policy_server}\bin\smauditimport.exe

Linux (Default): /{home_policy_server}/bin/smauditimport

Usage:  smauditimport <filename> <DSN> <username> <password> -a<1|2|3>-vfb <bulkloadsize> -s5|6

    filename          :  Full path to the log file you want to import.
    DSN               :  Data Source Name.
    username          :  DB user name.
    password          :  DB password.
    -a<n>             :  audit mode schema to use for upload. -a<1|2|3|4>. (This value is
                         synchronized with "Enable Enhance Tracing" registry on the Policy Server.)
                         1 – Enables enhanced auditing
                         2 – Logs assertion attributes
                         3 – Logs assertion attributes and the authentication method that authenticates a user accessing a resource.
                         4 – Logs assertion attributes, the authentication method, and Enhanced Session Assurance with DeviceDNA™ information

    -v                :  (optional) verify
    -f                :  (optional) force
    -s                :  (optional) schema version, Please type '-s5' Or '-s6'.
    -b <bulkloadsize> :  (optional) number of records to bulk insert at a time.
                         Default is 100

To illustrate:

c:\> smauditimport c:\smaccess.log -a1 "SM SQL Server Wire DS" dbuser dbpassword -a3 -v -s6

Pre-Requisites:

1. DSN on the Policy Server connecting to the ODBC Audit Store;
2. Policy Server configured to escape audit fields.

The characters '[', ']', or '\' appearing in a field in the Policy or User Store require a preceding escaping character '\' (backslash).

These characters appear because they have been used in fields like username, realm name, and so on.

Set the following registry key, to escape these characters automatically:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig

Value Type: DWORD VALUE
Value Name: EscapeAuditFields
Value Data: 1

Note:

By default SiteMinder Policy Server only writes a limited sub-set of the fields which are written to when Auditing directly to the ODBC Data Store.

To increase the amount of fields is written to the audit logs when writing to Txt (smaccess.log) to match the fields in the ODBC audit store, enable enhanced audit tracing on the Policy Server where the audit text files are being written (1)(2).

The <username> and <password> attributes are considered Mandatory and must be passed in the command.
 

1. Enhanced text log for auditing feature for Policy Server
   
   
2. Audit Data Import Tool for ODBC
   
   
3. Enhanced Auditing