‘Changed Attributes’ Log Truncation in Waveset Audit Log


Rob Jackson 25/02/2013

You may have noticed in Waveset's auditlog reports that when too many attribute values have changed in a transaction, you don't see the nicely printed before/attempted/after table of changed values. This is a known limitation of the default database schema: the column that holds this information is a VARCHAR field of length 4000. Waveset ships with a sample .sql script that allows you to change this column to a CLOB, IF your repository is an Oracle Database.

The sample SQL script can be found in the Waveset install media, aptly named convert_log_acctAttrChangesCHAR2CLOB.oracle.sql

Documentation on this update can be found here:
http://docs.oracle.com/cd/E19225-01/821-0094/6nl60aig6/index.html
However, while running this on a Waveset 8.1.1.6 instance recently, I found that the change was ineffective, and it was still storing truncated 4000 character entries.

By chance, I came across a Configuration object in the repository called RepositoryConfiguration. It was different from the default init version and contained a setting that I could not find the Oracle documentation on called maxLogAcctAttrChangesLength. It IS mentioned in the old Sun IdM 7.1.1 release notes (http://docs.oracle.com/cd/E19164-01/820-2952/indexa.html) but seems to have gone missing in the Waveset Admin Guide. The value was set to 4000. After updating it to an arbitrarily large value (i.e. 1000000) and an application server restart, I was now getting non-truncated acctAttrChanges values in the new CLOB column.

Here is a SQL sample to verify your results. The most notable case of truncation in this environment occurred when modifying users with many Active Directory groups (containing full group DNs):

select length(ACCTATTRCHANGES) from WAVESET.LOG where ACTIONDATETIME like '20130225%' and resourcename = 'AD';
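
A broader version of the check above, as an added example that is not part of the original post: it summarizes entry sizes per day so you can see whether audit records stop piling up at the 4000-character limit after the column conversion and the maxLogAcctAttrChangesLength change. It assumes ACTIONDATETIME is a string beginning with YYYYMMDD (as the LIKE filter above implies) and that a truncated entry is stored at exactly 4000 characters; the month filter is a constructed sample value.

```sql
-- Added example: per-day size summary of ACCTATTRCHANGES for the AD resource.
-- Assumptions: ACTIONDATETIME starts with YYYYMMDD; a truncated entry has
-- length exactly 4000. Adjust the LIKE pattern to the period you changed.
SELECT SUBSTR(ACTIONDATETIME, 1, 8)          AS action_day,
       COUNT(*)                              AS entries,
       MAX(LENGTH(ACCTATTRCHANGES))          AS max_len,
       -- entries sitting exactly at the old limit: probably truncated
       SUM(CASE WHEN LENGTH(ACCTATTRCHANGES) = 4000
                THEN 1 ELSE 0 END)           AS at_limit,
       -- entries longer than the old limit: only possible once the fix works
       SUM(CASE WHEN LENGTH(ACCTATTRCHANGES) > 4000
                THEN 1 ELSE 0 END)           AS over_limit
FROM   WAVESET.LOG
WHERE  RESOURCENAME = 'AD'
  AND  ACTIONDATETIME LIKE '201302%'
GROUP  BY SUBSTR(ACTIONDATETIME, 1, 8)
ORDER  BY action_day;
```

Days before the change should show max_len capped at 4000 with a non-zero at_limit; days after it should show over_limit rows and at_limit dropping to zero.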
