Previous Topic: General CA SiteMinder® TroubleshootingNext Topic: Publishing Diagnostic Information


Log File Descriptions

This section contains the following topics:

smaccesslog4

smobjlog4

smaccesslog4

The following table describes the logging that appears in smaccesslog4, which logs authentication and authorization activity.

Field Name

Description

Null?

Field Type

sm_timestamp

This marks the time at which the entry was
made to the database.

NOT NULL

DATE

sm_categoryid

The identifier for the type of logging.
It may be one of the following

  • 1 = Auth
  • 2 = Az
  • 3 = Admin
  • 4 = Affiliate

NOT NULL

NUMBER(38)

sm_eventid

This marks the particular event that caused the logging to occur. It may be one of the following:

  • 1 = AuthAccept
  • 2 = AuthReject
  • 3 = AuthAttempt
  • 4 = AuthChallenge
  • 5 = AzAccept
  • 6 = AzReject
  • 7 = AdminLogin
  • 8 = AdminLogout
  • 9 = AdminReject
  • 10 = AuthLogout
  • 11 = ValidateAccept
  • 12 = ValidateReject
  • 13 = Visit

NOT NULL

NUMBER(38)

sm_hostname

The machine on which the server is running.

 

VARCHAR2(255)

sm_sessionid

This is the session identifier for this user’s activity.

 

VARCHAR2(255)

sm_username

The username for the user currently logged in with this session.

 

VARCHAR2(512)

sm_agentname

The name associated with the agent that is being used in conjunction with the policy server.

 

VARCHAR2(255)

sm_realmname

This is the current realm in which the resource that the user wants resides.

 

VARCHAR2(255)

sm_realmoid

This is the unique identifier for the realm.

 

VARCHAR2(64)

sm_clientip

This is the IP address for the client machine
that is trying to utilize a protected resource.

 

VARCHAR2(255)

sm_domainoid

This is the unique identifier for the domain in which the realm and resource the user is accessing exist.

 

VARCHAR2(64)

sm_authdirname

This not used by the reports generator.

 

VARCHAR2(255)

sm_authdirserver

This not used by the reports generator.

 

VARCHAR2(512)

sm_authdir-namespace

This not used by the reports generator.

 

VARCHAR2(255)

sm_resource

This is the resource, for example a web page, that the user is requesting.

 

VARCHAR2(512)

sm_action

This is the HTTP action. Get, Post, and Put.

 

VARCHAR2(255)

sm_status

This is some descriptive text about the action.

 

VARCHAR2(1024)

sm_reason

These are the motivations for logging. 32000
and above are user defined. They are as
follows:

  • 0 = None
  • 1 = PwMustChange
  • 2 = InvalidSession
  • 3 = RevokedSession
  • 4 = ExpiredSession
  • 5 = AuthLevelTooLow
  • 6 = UnknownUser
  • 7 = UserDisabled
  • 8 = InvalidSessionId
  • 9 = InvalidSessionIp
  • 10 = CertificateRevoked
  • 11 = CRLOutOfDate
  • 12 = CertRevokedKeyCompromised
  • 13 = CertRevokedAffiliationChange
  • 14 = CertOnHold
  • 15 = TokenCardChallenge
  • 16 = ImpersonatedUserNotInDi 
  • 17 = Anonymous
  • 18 = PwWillExpire
  • 19 = PwExpired
  • 20 = ImmedPWChangeRequired
  • 21 = PWChangeFailed
  • 22 = BadPWChange
  • 23 = PWChangeAccepted
  • 24 = ExcessiveFailedLoginAttempts
  • 25 = AccountInactivity
  • 26 = NoRedirectConfigured      
  • 27 = ErrorMessageIsRedirect 

NOT NULL

NUMBER(38)

sm_reason
(continued)

  • 28 = Tokencode
  • 29 = New_PIN_Select
  • 30 = New_PIN_Sys_Tokencode
  • 31 = New_User_PIN_Tokencode
  • 32 = New_PIN_Accepted
  • 33 = Guest
  • 34 = PWSelfChange
  • 35 = ServerException
  • 36 = UnknownScheme
  • 37 = UnsupportedScheme
  • 38 = Misconfigured
  • 39 = BufferOverflow

 

 

sm_transactionid

This is not used by the reports generator.

 

VARCHAR2(255)

sm_domainname

This is the name of the domain in which the realm and resource the user is accessing exist.

NULL

VARCHAR2(255)

sm_impersonator-name

This is the login name of the administrator that is acting as the impersonator in an impersonated session.

NULL

VARCHAR2(512)

sm_impersonator-dirname

This is the name of the directory object that contains the impersonator.

NULL

VARCHAR2(255)

smobjlog4

The following table describes the logging that appears in smobjlog4, which logs administrative events.

Field Name

Description

Null?

Type

sm_timestamp

This marks the time at which the entry was made to the database.

NOT NULL

DATE

sm_categoryid

The identifier for the type of logging. It may be one of the following:

  • 1 = Auth
  • 2 = Agent
  • 3 = AgentGroup
  • 4 = Domain
  • 5 = Policy
  • 6 = PolicyLink
  • 7 = Realm
  • 8 = Response
  • 9 = ResponseAttr
  • 10 = ResponseGroup
  • 11 = Root
  • 12 = Rule
  • 13 = RuleGroup
  • 14 = Scheme
  • 15 = UserDirectory
  • 16 = UserPolicy
  • 17 = Vendor
  • 18 = VendorAttr
  • 19 = Admin
  • 20 = AuthAzMap
  • 21 = CertMap
  • 22 = ODBCQuery
  • 23 = SelfReg
  • 24 = PasswordPolicy
  • 25 = KeyManagement
  • 26 = AgentKey
  • 27 = ManagementCommand
  • 28 = RootConfig

NOT NULL

NUMBER(38)

sm_categoryid
(continued)

  • 29 = Variable
  • 30 = VariableType
  • 31 = ActiveExpr
  • 32 = PropertyCollection
  • 33 = PropertySection
  • 34 = Property
  • 35 = TaggedString
  • 36 = TrustedHost
  • 37 = SharedSecretPolicy

NOT NULL

NUMBER(38)

sm_eventid

This marks the particular event that caused the logging to occur. It may be one of the following:

  • 1 = Create
  • 2 = Update
  • 3 = UpdateField
  • 4 = Delete
  • 5 = Login
  • 6 = Logout
  • 7 = LoginReject
  • 8 = FlushAll
  • 9 = FlushUser
  • 10 = FlushUsers
  • 11 = FlushRealms
  • 12 = ChangeDynamicKeys
  • 13 = ChangePersistentKey
  • 14 = ChangeDisabledUserState
  • 15 = ChangeUserPassword
  • 16 = FailedLoginAttemptsCount
  • 17 = ChangeSessionKey

NOT NULL

NUMBER(38)

sm_hostname

This is not used by the reports generator for administrative logging.

 

VARCHAR2(255)

sm_sessionid

This is the session identifier for this user’s activity.

 

VARCHAR2(255)

sm_username

The username for this administrator.

 

VARCHAR2(512)

sm_objname

This is the object in the administrator that is being accessed.

 

VARCHAR2(512)

sm_objoid

This is the unique identifier for the object being accessed in the administrator. This is not used by the reports generator.

 

VARCHAR2(64)

sm_fielddesc

This is some descriptive text for the action being taken by the administrator.

 

VARCHAR2(1024)

sm_domainoid

This is the unique identifier for the domain that has an object being modified in the administrator. This is not used by the reports generator.

 

VARCHAR2(64)

sm_status

This is some descriptive text about the action. This is not used by the reports generator.

 

VARCHAR2(1024)