Correcting the "updated unknown" message when running a report in the Policy Server
search cancel

Correcting the "updated unknown" message when running a report in the Policy Server


Article ID: 7559


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When we run an Audit report (for Administrative operations by administrator) we see in the reports an "Updated Unknown" message for AgentInstanceCreate events. The following:

<Object Class="CA.SM::AgentInstance" Xid="CA.SM::[email protected]0-0167089d" CreatedDateTime="2015-08-10T15:36:59" ModifiedDateTime="2015-08-10T15:36:59" UpdatedBy="os:NT AUTHORITY/SYSTEM" UpdateMethod="LocalAPI" ExportType="Replace">

is getting updated by (UpdateMethod="LocalAPI") based on the heartbeat interval and not an Administrative / Administrator operation to get recorded in the reports.

When Audit logs are configured to be stored in a text file, the following records for Agent Instance are written:

"5656-1446550425-3_1","03/Nov/2015::17:05:30 0530","CA.SM::[email protected]4-00033808","","Update","5656-1446550425-3"

"5656-1446550425-4_1","03/Nov/2015::17:36:24 0530","CA.SM::[email protected]8-030949f6","","Update","5656-1446550425-4"

But when configured to store the data directly into the ODBC database, there are no records with AgentInstance under dbo.smobjlog4 & dbo.smaccesslog4


Policy Server R12.52 CR00 build 142 on Linux 64 bitReport Server R12.52 CR00


As “AgentDiscovery” feature is enabled by default in the environment, the above agentinstance object related updates are logged in XPS-Audit events, which actually gets imported to Audit ‘smobjlog4’ table, to fetch store operation related reports.

As CA SSO's supplied “AdminOperationsByAdmin.rpt” file is not updated to understand the agent instance object category, the reports for AgentInstanceCreate action are showing as “unknown” and generating the messages.


Defining category id ‘81’ in the rpt file as “AgentInstance” solves the issue. This is implemented in R12.52 SP1 CR06.