smaccess.log or smobjlog4 table in audit store is not containing the administrative actions done on WAMUI or FSSUI

Document ID : KB000049040
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

smaccess.log or smobjlog4 table in audit store is not containing the administrative actions done on WAMUI or FSSUI, as these logs or tables are required for auditing means which administrator is doing which action.

Solution:

To get all the Administrative logs in smaccess.log or smobjlog4 table in audit store, you need to make sure In SITEMINDER MANAGEMENT CONSOLE on Logs TAB select LOG ALL EVENTS FOR Authentication/Authorization/administrator Access events

Open a command prompt and run XPSConfig from policy-server-install-folder/bin
Type SM when prompted for "stands for Siteminder
Look for below parameters:

77-LogAccess                        Type: Logical Scope: Managed
                                      Desc: Indicates whether access attempts
                                            are audited.
                             Current Value: "TRUE"
78-LogBufferedTracing               Type: Logical Scope: Managed
                                      Desc: Indicates whether buffered tracing
                                            is enabled.
                             Current Value: "TRUE"
79-LogFile                          Type: String  Scope: Managed
                                      Desc: The name of the SiteMinder Policy
                                            Server log file.
                             Current Value: "C:\Program
                                            Files\CA\siteminder\log\smps.log"
80-LogFilesToKeep                   Type: Numeric Scope: Managed
                                      Desc: The number of log files to keep
                                            when performing a rollover.
                             Current Value: "10"
81-LogLastRolloverTime              Type: Numeric Scope: Managed
                                      Desc: The last time of log file
                                            rollover.
                             Current Value: "0"
82-LogLocalTime                     Type: Logical Scope: Managed
                                      Desc: Indicates whether the local
                                            timezone is to be used in the log
                                            file records, as opposed to GMT.
                             Current Value: "TRUE"
83-LogObj                           Type: Logical Scope: Managed
                                      Desc: Indicates whether object
                                            management attempts are audited.
                             Current Value: "TRUE"
84-LogRequests                      Type: Logical Scope: Managed
                                      Desc: Indicates whether SiteMinder
                                            Policy Server requests are to be
                                            logged.
                             Current Value: "TRUE"
85-LogResponses                     Type: Logical Scope: Managed
                                      Desc: Indicates whether SiteMinder
                                            Policy Server responses are to be
                                            logged.
                             Current Value: "TRUE"
86-LogRolloverDays                  Type: Numeric Scope: Managed
                                      Desc: Indicates whether log file
                                            rollovers are to be performed
                                            daily.
                             Current Value: "0"
87-LogRolloverInterval              Type: Numeric Scope: Managed
                                      Desc: Indicates whether log file
                                            rollovers are to be performed
                                            hourly.
                             Current Value: "0"
88-LogRolloverOnStart               Type: Logical Scope: Managed
                                      Desc: Indicates whether a log file
                                            rollover is to be performed when
                                            SiteMinder Policy Server starts
                                            up.
                             Current Value: "TRUE"
89-LogRolloverSize                  Type: Numeric Scope: Managed
                                      Desc: The log file size upon reaching
                                            which a log file rollover is to be
                                            performed.
                             Current Value: "10"
90-LogRolloverTime                  Type: String  Scope: Managed
                                      Desc: The interval of time after which
                                            to execute log file rollover.
                             Current Value: ""
91-LogStatus                        Type: Logical Scope: Managed
                                      Desc: The log status.
                             Current Value: "TRUE"
92-LogStoreNamespace                Type: String  Scope: Managed
                                      Desc: The audit log store namespace.
                             Current Value: "TEXT:"
93-LogTrace                         Type: Logical Scope: Managed
                             Current Value: "FALSE"
94-LogTraceConfig                   Type: String  Scope: Managed
                                      Desc: The name of the file that stores
                                            the trace configuration settings.
                             Current Value: "C:\Program
                                            Files\CA\siteminder\config\smtrace
                                            default.txt"
95-LogTraceConsole                  Type: Logical Scope: Managed
                                      Desc: Indicates whether trace messages
                                            are shown in a console window.
                             Current Value: "TRUE"

And change there values to true so that you will have maximum loggings.

Press q till you get the prompt back.

If you see sometime after policy server restart or physical reboot smaccess.log is not getting updated check for LogObj this generally get change to False after restart. So need to change the value to True again.

Read and check the parameter as the above vaules are numbered as per R12sp3 and R12.5 CA SiteMinder is having different numbers.