The AdminUI by default logs events to the /audit/ folder as txn, audit, and access XPS txt files. However there is no easy way to correlate the username to the OID/XID changed. You could put this data into an audit database and use a Report Server to generate reports of these events. But the Report Server is no longer available. With a few modifications, the same data can be written out to the smaccess.log for easier parsing.
Step 1 - Enable Enhanced Tracing registry
Edit the SiteMinder registry at this location:
Create this REG_DWORD entry:
Enable Enhance Tracing= 1
Step 2 - Enable Audit Logging for SM Objects
Enter # for LogObj
Enter "C" to change value
Enter "Q" until you exit XPSConfig
Step 3 - Enable SM Logging for Administrators
Open the SmConsole (clock OK for warning message)
Go to the Logs tab
Under Policy Server Audit Log section
Select "Log All Events" for Administrator Access Events
Select "Log All Events" for Administrator Changes to Policy Store Objects
- Step 2 modification will trigger a warning message:
Logging of admin change to Policy Store should not be enabled. It would be logged by XPSAudit. Please check Logs tab.
-Steps 2 and 3 will cause duplication as events are logged into the smaccess.log and /audit/ files.