Policy Server Administration Guide › Configuring Policy Server Logging › Configure the Policy Server Logs › How to Include SOA Security Manager Administrative Audit Events in Reports

How to Include SOA Security Manager Administrative Audit Events in Reports

If you already have a SOA Security Manager report server and an audit database, you can configure your SOA Security Manager Policy server to collect administrative audit events that you can import one the following report database types:

• Oracle database
• Microsoft SQL Server database

After the data is imported into a smobjlog4 database table, you can include it in any reports you generate using the SOA Security Manager report server.

A sample Perl script is installed with the SOA Security Manager Policy Server that you can customize to meet your needs.

To include administrative audit events in your SOA Security Manager reports, use the following process:

1. Copy the sample scripts on the Policy Server by doing the following:
   1. Open the following directory:

      policy_server_home\audit\samples
      

      Note: The following directories are the default locations for the policy_server_home variable:

      • C:\Program Files\ca\siteminder (Windows)
      • /opt/ca/siteminder (UNIX, Linux)
   2. Locate the following files:
      • Harvest.bat (for Windows)
      • Harvest.sh (for UNIX, Linux)
      • ProcessAudit.pl
      • Categories.txt
   3. Copy the previous files to the following directory:

      policy_server_home\audit
      

2. (Optional) Customize the ProcessAudit.pl script.
3. After the next scheduled run of the XPSAudit command, copies of the audit logs are created using the comma-separated value (CSV) format, and stored as .TMP files in the following directory:

   policy_server_home\audit_R6tmp
   

   Note: If you have events you want to generate manually to a .tmp file, run the following command in the policy_server_home\audit directory:

   ProcessAudit.pl <Transaction id>  
   

   The smobjlog4 database table lists the following 11 attributes and values. Only the first 8 are generated in the .TMP file:

          sm_timestamp         DATE DEFAULT SYSDATE NOT NULL,
          sm_categoryid        INTEGER DEFAULT 0 NOT NULL,
          sm_eventid           INTEGER DEFAULT 0 NOT NULL,
          sm_hostname          VARCHAR2(255) NULL,
          sm_sessionid         VARCHAR2(255) NULL,
          sm_username          VARCHAR2(512) NULL,
          sm_objname           VARCHAR2(512) NULL,
          sm_objoid            VARCHAR2(64) NULL,
          sm_fielddesc         VARCHAR2(1024) NULL,
          sm_domainoid         VARCHAR2(64) NULL,
          sm_status            VARCHAR2(1024) NULL
   

4. Copy the .TMP files from the previous directory on the Policy Server to the server that hosts your audit database.
5. Create one of the following files to map the CSV-formatted contents of the .TMP files to your database schema:
   • control_file_name.ctl (control file for Oracle databases)
   • format_file_name.fmt (format file for SQL Server databases)

   Note: For more information, see the documentation or online help provided by your database vendor.

6. On the server that hosts your audit database, run whichever of the following commands is appropriate for your type of database:
   • sqlldr (for Oracle databases)
   • bcp (for SQL Server databases)

   Note: For more information, see the documentation or online help provided by your database vendor.

7. After the command finishes, use the reports server to generate a report of administrative events.

   The administrative audit events appear in the report.