smaccess.log or smobjlog4 table in audit store is not containing the administrative actions done on WAMUI or FSSUI
Article ID: 49040
Updated On:
Products
Issue/Introduction
Description:
smaccess.log or smobjlog4 table in audit store is not containing the administrative actions done on WAMUI or FSSUI, as these logs or tables are required for auditing means which administrator is doing which action.
Solution:
To get all the Administrative logs in smaccess.log or smobjlog4 table in audit store, you need to make sure In SITEMINDER MANAGEMENT CONSOLE on Logs TAB select LOG ALL EVENTS FOR Authentication/Authorization/administrator Access events
Open a command prompt and run XPSConfig from policy-server-install-folder/bin
Type SM when prompted for "stands for Siteminder
Look for below parameters:
77-LogAccess Type: Logical Scope: Managed
Desc: Indicates whether access attempts
are audited.
Current Value: "TRUE"
78-LogBufferedTracing Type: Logical Scope: Managed
Desc: Indicates whether buffered tracing
is enabled.
Current Value: "TRUE"
79-LogFile Type: String Scope: Managed
Desc: The name of the SiteMinder Policy
Server log file.
Current Value: "C:\Program
Files\CA\siteminder\log\smps.log"
80-LogFilesToKeep Type: Numeric Scope: Managed
Desc: The number of log files to keep
when performing a rollover.
Current Value: "10"
81-LogLastRolloverTime Type: Numeric Scope: Managed
Desc: The last time of log file
rollover.
Current Value: "0"
82-LogLocalTime Type: Logical Scope: Managed
Desc: Indicates whether the local
timezone is to be used in the log
file records, as opposed to GMT.
Current Value: "TRUE"
83-LogObj Type: Logical Scope: Managed
Desc: Indicates whether object
management attempts are audited.
Current Value: "TRUE"
84-LogRequests Type: Logical Scope: Managed
Desc: Indicates whether SiteMinder
Policy Server requests are to be
logged.
Current Value: "TRUE"
85-LogResponses Type: Logical Scope: Managed
Desc: Indicates whether SiteMinder
Policy Server responses are to be
logged.
Current Value: "TRUE"
86-LogRolloverDays Type: Numeric Scope: Managed
Desc: Indicates whether log file
rollovers are to be performed
daily.
Current Value: "0"
87-LogRolloverInterval Type: Numeric Scope: Managed
Desc: Indicates whether log file
rollovers are to be performed
hourly.
Current Value: "0"
88-LogRolloverOnStart Type: Logical Scope: Managed
Desc: Indicates whether a log file
rollover is to be performed when
SiteMinder Policy Server starts
up.
Current Value: "TRUE"
89-LogRolloverSize Type: Numeric Scope: Managed
Desc: The log file size upon reaching
which a log file rollover is to be
performed.
Current Value: "10"
90-LogRolloverTime Type: String Scope: Managed
Desc: The interval of time after which
to execute log file rollover.
Current Value: ""
91-LogStatus Type: Logical Scope: Managed
Desc: The log status.
Current Value: "TRUE"
92-LogStoreNamespace Type: String Scope: Managed
Desc: The audit log store namespace.
Current Value: "TEXT:"
93-LogTrace Type: Logical Scope: Managed
Current Value: "FALSE"
94-LogTraceConfig Type: String Scope: Managed
Desc: The name of the file that stores
the trace configuration settings.
Current Value: "C:\Program
Files\CA\siteminder\config\smtrace
default.txt"
95-LogTraceConsole Type: Logical Scope: Managed
Desc: Indicates whether trace messages
are shown in a console window.
Current Value: "TRUE"
And change there values to true so that you will have maximum loggings.
Press q till you get the prompt back.
If you see sometime after policy server restart or physical reboot smaccess.log is not getting updated check for LogObj this generally get change to False after restart. So need to change the value to True again.
Read and check the parameter as the above vaules are numbered as per R12sp3 and R12.5 CA SiteMinder is having different numbers.
Environment
Component:
Feedback
