Unable to load audit text files using the SiteMinder SMAuditImport utility

Document ID : KB000024961
Last Modified Date : 14/02/2018

Description

I'm auditing to text files and I would like to import this information into my SQL Server database using the SMAuditImport utility, but it fails:

C:\Program Files\CA\siteminder\bin>smauditimport.exe c:\temp\smaccess.log "auditstore" sa mypassword
 
Error:  Missing fields on line 1
Error:  Missing fields on line 2
Error:  Missing fields on line 3
Error:  Missing fields on line 4
Error:  Missing fields on line 5
Error:  Missing fields on line 6
Error:  Missing fields on line 7
Error:  Missing fields on line 8
Error:  Missing fields on line 9
Error:  Missing fields on line 10
Error:  Missing fields on line 11
Error:  Missing fields on line 12
Error:  Missing fields on line 13
Error:  Missing fields on line 14
Error:  Missing fields on line 15
Successfully inserted a total of 0 rows to smaccesslog4 table.
Successfully inserted a total of 0 rows to smobjlog4 table.
Total rows inserted: 0.

Solution

The audit file is not in the format that SMAuditImport expects.

Snippet of audit file:

<- Begin
 
AuthAccept lempvm05 [29/Sep/2009:15:56:16 -0500] "138.42.193.154 Mikel" "lempvm05 get /transpolar/tickets.html" [idletime=3600;maxtime=7200;authlevel=5;] [0]  [] []
AzAccept lempvm05 [29/Sep/2009:15:56:16 -0500] "138.42.193.154 Mikel" "lempvm05 get /transpolar/main.html" [] [0]  [] []
 
-> End
 

By design, Enhanced Audit Tracing is a requirement for the SMAuditImport tool.

Enhanced Audit Tracing can be enabled as follows:

For Windows:

Add the following key:

TYPE=DWORD
\netegrity\SiteMinder\CurrentVersion\Reports\Enable Enhance Tracing
 

For Solaris:

The file ~ siteminder/registry/sm.registry should be edited.

Under the line:

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports

Add the following:

Enable Enhance Tracing=                 0x1;                      REG_DWORD

Notes:

  • The registry key doesn't exist as part of the Policy Server installation and has to be added manually.
  • If the value is set to 1, Enhanced Tracing is enabled and all the fields are logged in the text file for auditing events.
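
For the Solaris steps above, the following added example (not CA's own tooling) reports whether the value is present under the Reports key of an sm.registry-style file and writes an updated copy to stdout without touching the original. The function names are hypothetical, and the script assumes that a key's section runs from its HKEY_ line to the next HKEY_ line and that the key line may end in an "=..." suffix.

```shell
#!/bin/sh
# Added example: idempotently add "Enable Enhance Tracing" under the Reports key.
# Assumptions: a section runs from its HKEY_ line to the next HKEY_ line, and the
# key line may carry a trailing "=..." suffix. The input file is never modified.
AWK=${AWK:-awk}   # on Solaris use nawk or /usr/xpg4/bin/awk (ENVIRON is required)
REPORTS_KEY='HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports'
VALUE_LINE='Enable Enhance Tracing=                 0x1;                      REG_DWORD'

# Shared awk rule: inrep is true while the current line is inside the Reports
# section itself (sub-keys such as ...\Reports\X do not count).
SECTION='
BEGIN { key = ENVIRON["KEY"]; val = ENVIRON["VAL"] }
/^HKEY_/ { rest = substr($0, length(key) + 1)
           inrep = (index($0, key) == 1 && (rest == "" || rest ~ /^[= \t]/))
           if (inrep) seen = 1 }
'

# tracing_state FILE -> prints nokey | missing | disabled | enabled
tracing_state() {
    KEY="$REPORTS_KEY" VAL="$VALUE_LINE" "$AWK" "$SECTION"'
    inrep && /^[ \t]*Enable Enhance Tracing=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/;.*/, "", v)
        state = (v == "0x1" || v == "1") ? "enabled" : "disabled" }
    END { print (!seen ? "nokey" : (state == "" ? "missing" : state)) }' "$1"
}

# enable_enhanced_tracing FILE -> prints the updated file on stdout
enable_enhanced_tracing() {
    case "$(tracing_state "$1")" in
        enabled) cat "$1" ;;                      # nothing to change
        nokey)   echo "Reports key not found in $1" >&2; return 1 ;;
        *) KEY="$REPORTS_KEY" VAL="$VALUE_LINE" "$AWK" "$SECTION"'
           inrep && /^[ \t]*Enable Enhance Tracing=/ { next }  # drop a stale value
           { print }
           /^HKEY_/ && inrep { print val }       # add the value under the key line
           ' "$1" ;;
    esac
}

# Stand-alone use: print the updated registry for the file given as argument.
if [ $# -gt 0 ]; then enable_enhanced_tracing "$1"; fi
```

Redirect the output to a new file and diff it against the original before replacing sm.registry.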