Enhanced text log for auditing feature for Policy Server
search cancel

Enhanced text log for auditing feature for Policy Server

book

Article ID: 54446

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign-On

Issue/Introduction


The SiteMinder Policy Server is configured by default to write audit logs to a text file.

However, the amount of data that is written to a text file by default is less than that which is written to an ODBC Audit Store Database.

Default Audit Fields in the "smaccess.log" file:

Event
Hostname
Time
ClientIp
UserName
AgentName
Action
Resource
SessionId
ReasonStatusMsg

Default Audit Fields in an ODBC Audit Store Database:

sm_timestamp
sm_categoryid
sm_eventid 
sm_hostname
sm_sessionid
sm_username
sm_agentname
sm_realmname
sm_realmoid
sm_clientip
sm_domainoid
sm_authdirname
sm_authdirserver
sm_authdirnamespace
sm_resource
sm_action
sm_status
sm_reason
sm_transactionid
sm_domainname
sm_impersonatorname
sm_impersonatordirname
sm_assertion_id
sm_assertion_issuerid
sm_assertion_destinationurl
sm_assertion_statuscode
sm_assertion_NotOnBefore
sm_assertion_notonorafter
sm_assertion_sess_starttime
sm_assertion_sess_notonorafter
sm_assertion_authcontext
sm_assertion_versionid
sm_assertion_claims
sm_application_name
sm_tenant_name
sm_authentication_method
sm_devicehash    
sm_deviceid
sm_userrefid

 

Resolution


The amount of audit data written to a text file can be configured using "Enable Enhance Tracing" registry key in the SiteMinder Policy Server Registry (1)(2).

Windows:

  1. Logon to the Policy Server and run 'regedit.exe' with elevated privileges (Run As Administrator);
  2. Browse to the following registry hive:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports

  3. Add the following key:

    NAME: Enable Enhance Tracing
    TYPE=DWORD
    VALUE: <0|1|2|3|4>

    "Enable Enhance Tracing" values:

    0 – Disables enhanced auditing
    1 – Enables enhanced auditing
    2 – Logs assertion attributes
    3 – Logs assertion attributes and the authentication method that authenticates a user accesing a resource.
    4 – Logs assertion attributes, the authentication method and Enhanced Session Assurance with DeviceDNA™ information

Linux:

  1. Logon to the Policy Server;
  2. Browse to the following path:

    <Install_Dir>/siteminder/registry/sm.registry

  3. Open "sm.registry" with a text editor;
  4. Locate the following registry hive:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports

  5. Add the following key:

    NAME: Enable Enhance Tracing
    TYPE= REG_DWORD
    VALUE: <0|1|2|3|4>

    "Enable Enhance Tracing" values:

    0 – Disables enhanced auditing
    1 – Enables enhanced auditing
    2 – Logs assertion attributes
    3 – Logs assertion attributes and the authentication method that authenticates a user accesing a resource.
    4 – Logs assertion attributes, the authentication method and Enhanced Session Assurance with DeviceDNA™ information

    To illustrate: 

    Enable Enhance Tracing= 1;                    REG_DWORD

  6. Save the changes;
  7. Restart the Policy Server.

 

Additional Information

Powered by Wolken Software