Import Siteminder Audit Text Files Into an ODBC Audit Store
search cancel

Import Siteminder Audit Text Files Into an ODBC Audit Store


Article ID: 53544


Updated On:




Siteminder can be configured to record user audit data to either a test file (smaccess.log) locally on the Policy Server, or directory to an ODBC Audit Store database.  Using the 'smauditimport' tool the 'smaccess.log' files can be imported into an ODBC Audit Store manually, or configured to be imported via a custom script.



PRODUCT: Siteminder

COMPONENT: Policy Server

VERSION: r12.8.x and higher

FEATURE: User Auditing



The "smauditimport" tool can be used to import the Siteminder audit logs from test file into the ODBC Audit Store.   

Windows (Default): C:\Program Files\CA\siteminder\bin\smauditimport.exe

Linux (Default): /opt/CA/siteminder/bin/smauditimport


Usage:  smauditimport <filename> <DSN> <username> <password> -a<1|2|3>-vfb <bulkloadsize> -s5|6
    filename          :  Full path to the log file you want to import.
    DSN               :  Data Source Name.
    username          :  DB user name.
    password          :  DB password.
  -a<n>             :  audit mode schema to use for upload. -a<1|2|3|4>. (This value is
                       synchronized with "Enable Enhance Tracing" registry on the Policy Server.)
1 – Enables enhanced auditing
2 – Logs assertion attributes
3 – Logs assertion attributes and the authentication method that authenticates a user accessing a resource.
4 – Logs assertion attributes, the authentication method, and Enhanced Session Assurance with DeviceDNA™ information

    -v                :  (optional) verify
    -f                :  (optional) force
    -s                :  (optional) schema version, Please type '-s5' Or '-s6'.
    -b <bulkloadsize> :  (optional) number of records to bulk insert at a time.
                         Default is 100.


smauditimport c:\mylogs\smaccess.log -a1 "SM SQL Server Wire DS" dbuser dbpassword -a3 -v -s6


1) DSN on the Policy Server connecting to the ODBC Audit Store

2) Policy Server configured to escape audit fields

The characters '[', ']', or '\' appearing in a field in the policy or user store require a preceding escaping character '\' (backslash). These characters appear because they have been used in fields like username, realm name, and so on.
Set the following registry key, to escape these characters automatically:


Value Name: EscapeAuditFields
Value Data: 1


  • By default Siteminder only writes a limited sub-set of the fields which are written to when Auditing directly to the ODBC Data Store.  To increase the amount of fields are written to the audit logs when writing to Txt (smaccess.log) to match the fields in the ODBC audit store, you will need to enable enhanced audit tracing on the policy server where the audit text files are being written.

See KB54446 "Enhanced TEXT Auditing Feature in SiteMinder Policy Server"

  • The <username> and <password> attributes are considered Mandatory and must be passed in the command.



Additional Information

KB54446 "Enhanced TEXT Auditing Feature in SiteMinder Policy Server"

Audit Data Import Tool for ODBC

Enhanced Auditing