Symantec Access Management

Hi,

We are currently inserting all our audit data into an SQL Database but if there is a problem with it (ex: database lock), SiteMinder Policy Server stop working (hang).

I know that there is another text file option that can be enable but we prefer to have database instead. We are using CA SiteMinder R12.52 SP1 CR04 on a Windows 2008 R2 x64 server.

Is it possible to configure SiteMinder Policy Server to first try to write into the database but if it doesn't answer back in a timely fashion switch automatically to a text file ?

Thanks

You can't configure the policy server to do that.  Set it up to write to a text file, then use the smauditimport tool which ships with SiteMinder.  It will import your audit logs into a RDBMS.  You will want to add some registry entries to ensure the text audit logs have the same data which would get logged to the database.  See the Policy Server Administration Guide for more details.

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports

Enable Enhance Tracing=  0x1         REG_DWORD

EscapeAuditFields=           0x1         REG_DWORD

smauditimport PathToAuditFile "DSN Name" dbuser dbpassword

Actually recently had to stop writing directly to an audit database for this very reason. In our scenario the audit DB was locked by some insert statement from the Policy Server; at that point it just queued up requests until all Policy Servers stopped responding.

Fix was essentially like David Geneve mentioned with using the smauditimport tool

(1) write to a flat text file and rotate logs on X schedule

(2) run a regularly scheduled job which: (a) executes the "smauditimport" to insert data from rotated log into DB and (b) zip up / move successful imports to long-term data retention location

That seems to be working ok thus far. There's only a small time lag since it's having to rotate and the import across which can take a little time. But from a security standpoint if IMMEDIATE (i.e., down to like the last 5 mins) information is required, then the flat file is still there for manual investigation.

----------------------

Would be a nice enhancement though for there to be an option that instead of queuing up requests, it would revert to a local log file until DB connection was restored.

There was an idea posted a while back, but only got 2 votes and status is "not planned". So doesn't seem CA has any plans on implementing it.

Siteminder Audit DB Fallback  to Local log file

We've had to abandon the policy server writing directly to a database also..  any database problems acts as a single

point of failure and will make all policy servers slow down.

We've batched the log files for loading into a database but that solution is starting to not scale.    CA's saying they have an

smauditimport command to load the data is kind of like  saying you have a wrench to fix your car while your traveling 100 mph.

As the number and size of log files increase it would be nice if CA has some resilient way to deal with log transfers and data collection.