This section contains the following topics:
Policy Server Logging Overview
Configure the Policy Server Logs
Report Logging Problems to the System Log
The Policy Server log file records information about the status of the Policy Server and, optionally, configurable levels of auditing information about authentication, authorization, and other events. If the Policy Server is configured as a RADIUS Server, RADIUS activity is logged in the RADIUS log file.
You configure these logs from the Management Console Logs tab.
To configure the Policy Server logs
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your SiteMinder component.
Note: For more information about the settings and controls on this tab, click Help, Management Console Help.
By default, SiteMinder administrator changes to policy store objects are written to a set of XPS text files that are located at siteminder_home\audit.
The audit logs are stored as text files, as shown in the following example:
policy_server_home/audit/xps-process_id-start_time-audit_sequence.file_type
The name of each audit log file contains the following information:
Indicates the number of the process associated with the audited event.
Indicates the time the transaction started in the following format:
YYYYMMDDHHMMSS
A four-digit year and the 24-hour clock are used.
Example: 20061204133000
Provides a sequence number for the audited event.
Indicates one of the following event types:
Indicates an audit log file that contains the following access events:
Indicates an audit log file that contains the following events:
Indicates an audit log file that contains the following transaction events:
Note: If you do not have write access to the SiteMinder binary files (XPS.dll, libXPS.so, libXPS.sl), an Administrator must grant you permission to use the related XPS command line tools using the Administrative UI or the XPSSecurity tool.
To change the default setting
xpsconfig
The tool starts and displays the name of the log file for this session, and a menu of choices opens.
xps
A list of options appears.
1
The current policy store audit settings appear.
Note: This parameter uses a value of TRUE or FALSE. Changing its value toggles between the two states.
The updated policy store audit settings appear. The new value is shown at the bottom of the list as "pending value."
Your changes are saved and the command prompt appears.
You can configure SiteMinder Policy Server to automatically process old log files by customizing one of the following scripts:
The script runs when one of the following events occurs:
Processes all of the log files in the directory at once.
During a rollover or an exit, the files are processed one at a time by file name.
You can customize the script to process the files any way you want. For example, you could modify the script to delete them, move them to a database or archive them to another location.
Note: This script is provided only as an example. It is not supported by CA.
To automatically process old log files, do the following:
policy_server_home/audit/samples
policy_server_home/audit/Harvest.extension
Note: Do not rename the file or save it to a location different from the one specified.
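The audit file name format and the idea of customizing a harvest script to archive old files, shown together as an added example (not code from CA or from the sample script shipped with SiteMinder). It parses each name, rejects anything that does not conform, and selects files older than a retention window. It assumes process_id and audit_sequence are decimal digits; the ".kind" file type and all sample names are constructed placeholders.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Name format from the page: xps-process_id-start_time-audit_sequence.file_type
# Assumption: process_id and audit_sequence are decimal digits.
AUDIT_NAME = re.compile(r"xps-(\d+)-(\d{14})-(\d+)\.([A-Za-z0-9_]+)")

class AuditFile(NamedTuple):
    name: str
    process_id: int
    start_time: datetime
    sequence: int
    file_type: str  # kept opaque; the type names are not assumed here

def parse_audit_name(name: str) -> Optional[AuditFile]:
    """Parse one file name; return None for anything that does not conform."""
    m = AUDIT_NAME.fullmatch(name)
    if m is None:
        return None
    try:
        # YYYYMMDDHHMMSS: four-digit year, 24-hour clock
        start = datetime.strptime(m.group(2), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a real date, e.g. month 13
        return None
    return AuditFile(name, int(m.group(1)), start, int(m.group(3)), m.group(4))

def select_for_archive(names, now: datetime, keep_days: int):
    """Return (to_archive, rejected): conforming files older than the
    retention window in replay order, and names that must not be touched."""
    cutoff = now - timedelta(days=keep_days)
    to_archive, rejected = [], []
    for name in names:
        parsed = parse_audit_name(name)
        if parsed is None:
            rejected.append(name)
        elif parsed.start_time < cutoff:
            to_archive.append(parsed)
    to_archive.sort(key=lambda f: (f.start_time, f.process_id, f.sequence))
    return to_archive, rejected

# Constructed directory listing (not real SiteMinder output).
SAMPLE = [
    "xps-4312-20061204133000-2.kind",
    "xps-4312-20061204133000-1.kind",
    "xps-977-20061230090000-1.kind",    # inside the retention window
    "xps-4312-20061304133000-1.kind",   # month 13: rejected
    "../xps-1-20061204133000-1.kind",   # path component: rejected
]
```

Names returned in the rejected list are worth reporting rather than silently skipping, since a file in the audit directory that does not follow the naming format was not written by the audit process.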
If you have a SiteMinder report server and an audit database, you can configure the Policy Server to collect administrative audit events. You import this data into the audit database, so you can include it in any reports you generate.
A sample Perl script is installed with the SiteMinder Policy Server that you can customize to meet your needs.
To include administrative audit events in your SiteMinder reports, use the following process:
policy_server_home\audit\samples
Note: The following directories are the default locations for the policy_server_home variable:
policy_server_home\audit
policy_server_home\audit_R6tmp
Note: If you have events you want to generate manually to a .tmp file, run the following command in the policy_server_home\audit directory:
ProcessAudit.pl <Transaction id>
The smobjlog4 database table lists the following 11 attributes and values. Only the first 8 are generated in the .TMP file:
sm_timestamp DATE DEFAULT SYSDATE NOT NULL,
sm_categoryid INTEGER DEFAULT 0 NOT NULL,
sm_eventid INTEGER DEFAULT 0 NOT NULL,
sm_hostname VARCHAR2(255) NULL,
sm_sessionid VARCHAR2(255) NULL,
sm_username VARCHAR2(512) NULL,
sm_objname VARCHAR2(512) NULL,
sm_objoid VARCHAR2(64) NULL,
sm_fielddesc VARCHAR2(1024) NULL,
sm_domainoid VARCHAR2(64) NULL,
sm_status VARCHAR2(1024) NULL
Note: For more information, see the documentation or online help provided by your database vendor.
The administrative audit events appear in the report.
When the SiteMinder audit logs are stored as text files, they include a partial list of the available fields by default. If you want the text files that contain your audit logs to include all of the available fields, like an ODBC Audit database does, you can add a registry key to your Policy Server.
To mirror ODBC Audit log content in text-based audit logs
HKEY_LOCAL_MACHINE\Netegrity\SiteMinder\CurrentVersion\Reports\
Enable Enhance Tracing
The ODBC Audit log content will appear in your text-based audit logs.
When the SiteMinder audit logs are stored as text files, they include a partial list of the available fields by default. If you want the text files that contain your audit logs to include all of the available fields, like an ODBC Audit database does, you can add a registry key to your Policy Server.
To mirror ODBC Audit log content in text-based audit logs
sm.registry
- HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports=25089
- Enable Enhance Tracing= 0x1; REG_DWORD
Note: If you want to disable this feature in the future, change the 0x1 to 0x0.
The ODBC Audit log content will appear in your text-based audit logs.
You can configure the Policy Server to log information about exceptions that can occur while preparing or executing audit logs to the Windows event log viewer. This configuration can prevent you from missing this information in a production environment where debug logs are disabled. To configure this feature, set the value of the CategoryCount registry key to 7.
The CategoryCount registry key is found in the following registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SiteMinder
These events are logged under the event log categories ObjAuditLog and AccessAuditLog.
SiteMinder calls object events when objects are created, updated, or deleted. Any exceptions that occur while preparing/executing SiteMinder obj audit logs are logged to Windows event viewer under the 'ObjAuditLog' category.
Access events result from user-related activities and are called in the context of authentication, authorization, administration, and affiliate activity. Any exceptions that occur while preparing/executing SiteMinder access audit logs are logged to Windows event viewer under the 'AccessAuditLog' category.
Copyright © 2012 CA.
All rights reserved.