This section contains the following topics:
Track User Activities or Application Usage with Auditing
Record the Transaction ID in Oracle iPlanet Web Server Logs
Record the Transaction ID in Apache Web Server Logs
Record the User Name and Transaction ID in IIS Server Logs
You can you can measure how often applications on your web site are used, or track user activities with auditing. Auditing is controlled with the following parameter:
Specifies whether the Web Agent logs all successful authorizations that are stored in the user session cache. When enabled, user authorizations are logged even when the Web Agent uses information from its cache instead of contacting the Policy Server. Web Agents log user names and access information in native web server log files when users access resources.
Default: No
Both the Policy Server and Web Agent audit user activity. The Web Agent sends a message to the Accounting service each time a user is authorized from cache to access resources. This action ensures that the Accounting service is tracking successful authorizations for the Web Agent and the Policy Server. If the Web Agent cannot successfully send an audit message to the Accounting service for an authorization, access to the resource is denied. You can then run a SiteMinder activity report from the Administrative UI. The reports from the Policy Server show user activity for each SiteMinder session.
Note: For more information, see the Policy Server documentation.
To track user activity or application usage with auditing, set the value of the EnableAuditing parameter to yes.
Valid on Solaris
The Web Agent generates a unique transaction ID for each successful user authorization request. The Agent adds the ID to the HTTP header. The ID is also recorded in the following logs:
You can track user activities for a given application using the transaction ID.
Note: For more information, see the Policy Server documentation.
The transaction ID appears in the log as a mock query parameter in the log that is appended to the end of an existing query string. The following example shows transaction ID (in bold) appended to a query string (which ends with STATE=MA):
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realm/index.html, STATE=MA&SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1
If no query parameters are in the URL, the Agent adds the transaction ID at the end of the web server log entry. For example:
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realma/index.html, SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1.
Note: Web Agents log user names and access information in native web server log files when users access resources.
You can record the SiteMinder transaction ID in the Oracle iPlanet web server logs.
Follow these steps:
%Req->headers.SM_TRANSACTIONID%"
Note: Enter the header variable in uppercase unless the value of the LowerCaseHTTP parameter is set to yes in your Agent Configuration Object or local configuration file.
The following example shows the SMTRANSACTIONID header variable in bold at the end of an existing entry. However, you can place it anywhere in the list of variables.
Init fn="flex-init" access="D:/iPlanet/server4/https-orion/logs/access" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \" %Req->srvhdrs.clf-status% %Req-srvhdrs.content-length% %Req->headers.- SM_TRANSACTIONID%"
The transaction ID appears in the Oracle iPlanet web server logs. The following example shows a web server log entry with the transaction ID in bold:
11.22.33.44 - user1 [21/Nov/2003:16:12:24 -0500] "GET /Anon/index.html HTTP/1.0" 200 748 3890b4b9-58f8-4a74df53-07f6-0002df88
The Web Agent generates a unique transaction ID for each successful user authorization request. The Agent adds the ID to the HTTP header. The ID is also recorded in the following logs:
You can track user activities for a given application using the transaction ID.
Note: For more information, see the Policy Server documentation.
The transaction ID appears in the log as a mock query parameter in the log that is appended to the end of an existing query string. The following example shows transaction ID (in bold) appended to a query string (which ends with STATE=MA):
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realm/index.html, STATE=MA&SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1
If no query parameters are in the URL, the Agent adds the transaction ID at the end of the web server log entry. For example:
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realma/index.html, SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1.
Note: Web Agents log user names and access information in native web server log files when users access resources.
You can record the SiteMinder transaction ID in the Apache web server logs SMTRANSACTIONID header variable.
Follow these steps:
For example:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{SM_TRANSACTIONID}i\"" common
Note: For more information about the httpd.conf file and the LogFormat directive, see your Apache web server documentation.
The transaction ID is recorded in the Apache web server logs.
The Web Agent generates a unique transaction ID for each successful user authorization request. The Agent adds the ID to the HTTP header. The ID is also recorded in the following logs:
You can track user activities for a given application using the transaction ID.
Note: For more information, see the Policy Server documentation.
The transaction ID appears in the log as a mock query parameter in the log that is appended to the end of an existing query string. The following example shows transaction ID (in bold) appended to a query string (which ends with STATE=MA):
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realm/index.html, STATE=MA&SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1
If no query parameters are in the URL, the Agent adds the transaction ID at the end of the web server log entry. For example:
172.24.12.1, user1, 2/11/00, 15:30:10, W3SVC, MYSERVER, 192.168.100.100, 26844, 47, 101, 400, 123, GET, /realma/index.html, SMTRANSACTIONID=0c01a8c0-01f0-38a47152-01ad-02714ae1.
Note: Web Agents log user names and access information in native web server log files when users access resources.
Agents protecting resources on IIS servers do not record the SiteMinder transaction ID and authenticated user name in the IIS server logs by default. Because these agents can operate as ISAPI extensions (in Classic Pipeline mode), the server would have already logged a transaction. You can force the agent to add this information with the following parameters:
Instructs the agent to add the authenticated user name and SiteMinder transaction ID to the cs-uri-query field of the IIS server log. For URLs containing query strings, commas separate the query string, SiteMinder transaction ID, and username in the cs-uri-query field of the IIS server log.
Default: No
Specifies a value for the REMOTE_USER HTTP header variable which legacy applications could possibly require.
Default: No
To record the transaction ID and user name in the IIS server log.
The user name and transaction ID appears in the IIS server logs.
|
Copyright © 2012 CA.
All rights reserved.
|
|