The AdminUI by default logs events to the /audit/ folder as txn, audit, and access XPS txt files.
However, there is no easy way to correlate the username to the OID/XID change.
Putting this data into an audit database and using a Report Server to generate reports of these events is an option. But the Report Server is no longer available.
With a few modifications, the same data can be written out to the smaccess.log for easier parsing.
Edit the SiteMinder registry at this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports
Create this REG_DWORD entry:
Enable Enhance Tracing= 1
Open XPSConfig
Enter "SM"
Enter # for LogObj
Enter "C" to change value
Enter "Q" until you exit XPSConfig
Open the SmConsole (click OK for warning message)
Go to the Logs tab
Under Policy Server Audit Log section
Select "Log All Events" for Administrator Access Events
Results - Example Agent creation, modification and deletion by Siteminder user
[Agent][Create][][servername][28/Jun/2018:17:09:38 -0500][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][agent2][01-aa1526e0-a780-4898-8fec-de3e6be6dbc5][]
[Agent][Update][][servername][28/Jun/2018:17:10:28 -0500][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][agent1][01-728c847d-5046-4c79-93ad-5fc76606a598][]
[Agent][Delete][][servername][28/Jun/2018:17:10:45 -0500][][][siteminder][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][][][][][agent1][01-728c847d-5046-4c79-93ad-5fc76606a598][]