Enhanced TEXT Auditing Feature in SiteMinder Policy Server

Document ID : KB000054446
Last Modified Date : 14/02/2018

Description:

The default TEXT auditing in Policy Server logs less information than ODBC auditing. With this enhancement, the TEXT auditing module logs more information and is brought into near-sync with ODBC auditing.

This new behavior is tunable: it can be turned ON or OFF as needed.

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, create a backup of the registry and make sure that you understand how to restore it if a problem occurs. For more information about how to back up, restore, and edit the registry, review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

Solution:

To Enable Enhanced TEXT Auditing:

This new behavior can be Enabled/Disabled using a registry key.

Registry Key Details:

  • The registry key does not exist as part of the Policy Server installation and has to be added manually.

  • If the key is not present, or is set to 0 (or any value other than 1), the feature is considered Disabled and only the default fields are logged in the text file for auditing.

  • If the value is set to 1, Enhanced Tracing is enabled and all the fields are logged in the text file for auditing events.

For Windows:

Add the following key:

TYPE=DWORD
\netegrity\SiteMinder\CurrentVersion\Reports\Enable Enhance Tracing

For Solaris:

The file ~ siteminder/registry/sm.registry should be edited.
Under the line: HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports
Add the following:

Enable Enhance Tracing= 0x1;                    REG_DWORD

Note that these changes do not apply to events corresponding to EMS. All logging done for EMS remains the same irrespective of the value of the registry key.

Sample TEXT audit logs when the feature is Enabled:

[Category][Event][Reason][Hostname][Time][AgentName][SessionId][UserName][DomainOid][RealmName][RealmOid][ClientIp][resource][Action][AuthDirName][AuthDirServer][AuthDirNamespace][TransactionId][StatusMsg][DomainName][ImpersonatorName][ImpersonatorDirName][ObjName][ObjOid][FieldDesc]
[========][=====][======][========][====][=========][=========][========][=========][=========][========][========][========][======][===========][=============][================][=============][=========][==========][================][===================][=======][======][=========]
[Auth][Login][][B5SMERW2KS4-7][25/Oct/2008:12:57:05 0530][][JujVK4+ww9OcGd4ZK5pslOzTiVA=][SiteMinder][][][][][][][][][][][][][][][][][]
[Admin][AdminLogin][][B5SMERW2KS4-7][25/Oct/2008:12:57:05 0530][][SiteMinder@JujVK4+ww9OcGd4ZK5pslOzTiVA=][SiteMinder][][][][127.0.0.1][][][][][][][][][][][][][]
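
The 25-field layout shown in the sample can be parsed into named fields for review or forwarding to a SIEM. The following is an added example, not code from the original article or from the product; it assumes each record is on one line and that field values never contain square brackets, and the names `classify`, `parse_log` and `admin_logins` are hypothetical.

```python
import re

# Field order copied from the header row of the sample log in this article.
FIELDS = ("Category Event Reason Hostname Time AgentName SessionId UserName "
          "DomainOid RealmName RealmOid ClientIp resource Action AuthDirName "
          "AuthDirServer AuthDirNamespace TransactionId StatusMsg DomainName "
          "ImpersonatorName ImpersonatorDirName ObjName ObjOid FieldDesc").split()
FIELD_RE = re.compile(r"\[([^\[\]]*)\]")  # assumption: no [ or ] inside values

def classify(line):
    """Return ('record', dict), ('layout', None) or ('other', None)."""
    values = FIELD_RE.findall(line)
    if len(values) != len(FIELDS):
        return "other", None      # not the 25-field enhanced layout
    if values == FIELDS or all(v and set(v) == {"="} for v in values):
        return "layout", None     # header row or ===== separator row
    return "record", dict(zip(FIELDS, values))

def parse_log(text):
    """Return (records, other_lines); other_lines need manual review."""
    records, other = [], []
    for line in filter(str.strip, text.splitlines()):
        kind, rec = classify(line)
        if kind == "record":
            records.append(rec)
        elif kind == "other":
            other.append(line)
    return records, other

def admin_logins(records):
    """(Time, UserName, ClientIp) for every Admin/AdminLogin event."""
    return [(r["Time"], r["UserName"], r["ClientIp"]) for r in records
            if r["Category"] == "Admin" and r["Event"] == "AdminLogin"]

# Sample input: header/separator rebuilt from FIELDS, the two data rows from
# this article's sample, and one constructed line with the wrong field count.
SAMPLE = "\n".join([
    "".join(f"[{f}]" for f in FIELDS),
    "".join("[" + "=" * len(f) + "]" for f in FIELDS),
    "[Auth][Login][][B5SMERW2KS4-7][25/Oct/2008:12:57:05 0530][]"
    "[JujVK4+ww9OcGd4ZK5pslOzTiVA=][SiteMinder]" + "[]" * 17,
    "[Admin][AdminLogin][][B5SMERW2KS4-7][25/Oct/2008:12:57:05 0530][]"
    "[SiteMinder@JujVK4+ww9OcGd4ZK5pslOzTiVA=][SiteMinder]"
    + "[]" * 3 + "[127.0.0.1]" + "[]" * 13,
    "[Auth][Login][][B5SMERW2KS4-7]",  # constructed: not 25 fields
])

if __name__ == "__main__":
    recs, other = parse_log(SAMPLE)
    print(admin_logins(recs), other)
```

Lines returned in `other_lines` have a different field count, which is what a parser built for the enhanced layout would see if the registry value were not set to 1 or if the line came from a different event source.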

Minimum Requirements:

  • SiteMinder Policy Server 6 SP5 CR20 or higher.