What is the format of the smaccess.log?

Document ID : KB000023644
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When you are using the text format for the audit logs, a file called smaccess.log (by default) is generated.

The format is fixed and can not be changed, it depends on the policy server version but for 6SP5CR20 we have:

[Event] [Hostname] [Date/Time] [ClientIP] [UserDN] [Agentname] [Action] [Resource] 
[TransactionID] [Reason] [Status Message] [Impersonator Name] [Impersonator Dir Name] 

Solution:

It depends on the policy server version but for 12.52SP1CR06 we have:

[Event] [Hostname] [Date/Time] [ClientIP] [UserDN] [Agentname] [Action] [Resource] 
[TransactionID] [Reason] [Status Message] [Impersonator Name] [Impersonator Dir Name] 

Example:

AuthAccept NITJU01-U188269 [21/Apr/2017:09:52:04 -0400] "130.119.150.134 uid=u1,ou=Users,o=root" "nitju01-u188269 GET /ajax/ajax.html" 
[idletime=60;maxtime=120;authlevel=5;] [0] [] []

If you are not using impersonation functionalities you will not have any information in the last 2 fields.

 

Addtional information :

You can Mirror ODBC Audit Log Content in Text-based Audit Logs, please check the following documentation : sm.registry key : Enable Enhance Tracing

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/configure-the-policy-server-log-smps-log-and-audit-log-smaccess-log/