Symantec Access Management

  • Private Community

  • 1.  How to count siteminder authentication?

    Posted Dec 24, 2013 06:13 AM

    Hi All,

       Is there any way or tool available in siteminder R6 to count number of unique authentications have occured for a particular period of time?



  • 2.  RE: How to count siteminder authentication?

    Posted Dec 24, 2013 06:27 AM

    Hi Kannan,

        There is no such tool avialable you can only track the number of transactions using smaccess.log or smobjlog4 tables can tell you how many users got authenticated/Authorized.

    Regards

    Vikas Tiwari



  • 3.  RE: How to count siteminder authentication?

    Posted Dec 24, 2013 07:27 AM

    Hi Vikas,

     Thanks for the quick response.

    Can you pls tell me how to count number of transactions using smaccess.log except manuall work?

    KB



  • 4.  RE: How to count siteminder authentication?

    Posted Dec 24, 2013 09:46 AM

    Kannan, 

     

    this is preferential. what scripting or programming languages do you like? which would you like to use?

     

    it will also be completely custom code.

     

    -josh



  • 5.  RE: How to count siteminder authentication?

    Posted Dec 24, 2013 09:49 AM

    Hi Josh,

     I would like to use shell script. Could you please provide the script  if it is available ?

    KB

     



  • 6.  RE: How to count siteminder authentication?

    Posted Dec 24, 2013 11:14 AM

    option 1.  using SM build in function, and script

    you would have to turn on enhance tracing on ps to get more data into smaccess log.  no, this enhance tracing is not a profiler.  this feature is to log additional data, but it's not in detail like profiler.  locate this registry

     HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports

    then add this parameter/value pair, it doesn't matter where you add

    Enable Enhance Tracing= 0x1;                    REG_DWORD       <<< add this new attribute/value pair

    then write a script to  process the log.   base on Josh replied, i wonder if this is the script that Josh is planning to provide to you.

     

    Option 2, using external (third party tool).   for this option, investigate in Splunk.   However, make sure you size the effort properly as this is a very powerful log analytic tool, and once you hooked onto it, you will uncover many hidden gems and other would like to jump on your band wagon.  

    T.



  • 7.  RE: How to count siteminder authentication?

    Posted Dec 26, 2013 09:55 AM

    i'm not planning to provide anything.

     

    I was pointing out that it would be csomething custom and he would have to script or program it.

    that's an interesting registry key. i wonder if it is in his version, and if it is in the table or another missedone that Engineering did not bother to tell us about when i was with ca and did the registry documentation for a client that has since been ok'd for the public. (was ok'd the week i left. it was based on R12 SP3 CR3 i beleive. ask ca support if you want a copy)

     

    -josh



  • 8.  RE: How to count siteminder authentication?

    Posted Jan 10, 2014 01:12 PM

    The registry setting mentioned in this thread adds  more columns/fields to  the smaccess log.     For the question here I'm not sure those extra columns/fields are needed... they provide better info though and we use them.   We want to count AuthAccepts (and possibly AuthAttempts, AuthRejects)  or  all sessionids  (which could include the former) over a period of time  ..the original poster  didnt say precisely.

    So;

    a.) In the smconsole or your registry make sure we have Authentications Events set to log to your smaccess.log;

       HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Report

       AuthFilter=             0x1;                    REG_DWORD

    b.)  Now if one had their smaccess.log rotating hourly (big if ..but summarizing here)  a quick way to count the good logins/Auths in the hour could be:

       grep -c AuthAccept smaccess.log

    That is ..all AuthAccepts generate a unique sessionid  so counting the good logins gives a count.

    If one wants to count unique usernames only   (count a user  once even  if they logged in several times) then:

      grep AuthAccept smaccess.log| awk -F\[ '{ print $9 }' | sort -nr | uniq | wc -l

     

    c.)  Now if one were sending  to the audit log database  (or loading the smaccess logs into an oracle database) it becomes somewhat more useful..   to count all good logins (including the same users coming in again) per hour over the entire database;

      select to_char (SM_TIMESTAMP, "mm/dd/yy hh24'), count(SM_SESSIONID) from SMACCESSLOG4

      where SM_CATEGORYID =1  and SM_EVENTID  =1

      group by to_char(SM_TIMESTAMP), 'mm/dd/yy hh24')

    Changing the above to count(distinct SM_USERNAME)  would  give results that count only once the same user logging in several times in the hour..

    If a windows script may have been wanted I haven't helped at all and apologize.

     

     

     

     

     



  • 9.  RE: How to count siteminder authentication?

    Posted Feb 20, 2014 05:07 AM

    Thank you all for your valuable suggestions.



  • 10.  RE: How to count siteminder authentication?

    Posted May 01, 2014 08:49 PM

    Hi you can check SpyLogix for SiteMinder it is Validated CA Solution and does unique authorizations counts plus whole log more.

    http://identitylogix.com/phocadownload/Modules/SpyLogix%20for%20SiteMinder.pdf

    http://www.cloudcommons.com/product/spylogix.html