Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Enable Auditing?

former_member182824
Explorer
‎04-25-2014 12:57 AM

Hi all,

My name is Man-Ted Chan and I’m from the SAP HANA support  team. Today’s blog will be about SAP HANA auditing. Auditing is a feature in the SAP HANA database that allows admins to monitor and record actions performed to the SAP HANA system.

AUTHORIZATIONS

In order to activate and configure auditing the SAP user will need the following system privileges:

  • AUDIT ADMIN

HOW TO ENABLE

1)      In the SAP HANA Studio expand the system on which you would like to enable auditing.

2)      Expand the ‘Security’ folder.

3)      Double click on the ‘Security option.’

4)      Click on the Auditing Status drop down menu; by default it will be ‘Disabled.’

5)      Select ‘Enabled.’

6)      Select your auditing type. There are 3 options:

a.       Syslog (Default) -  Uses the logging system  of the Linux OS

b.      CSV text file - Writes the audits as a CSV file in a user specified directory (in the example below it is /tmp/example). If the directory is left blank it will be written to the same directory the system trace files are written to

c.       Database Table – Audits are written to an internal table: AUDIT_LOG. In order to read from this table the user will need either the AUDIT ADMIN or AUDIT OPERATOR system privileges

7)      Click on the deploy button or press F8.

CREATING AN AUDIT POLICY

An audit policy defines the actions to be audited; in order to create an audit policy the user must have AUDIT ADMIN system rights.

1)      Click the green plus sign under the ‘Audit Polices’ panel.

2)      Enter in your policy name

3)      Click in the Audited actions field and then press the ‘…’

4)      The following popup will appear and users will select what actions they would like audited (in this example I will be auditing ‘CREATE ROLE’).

5)      Select when an audit record should be created in the ‘Audited actions status’ column.

a.       SUCCESSFUL – When an action is successfully executed it is logged

b.      UNSUCCESSFUL – When an action is unsuccessfully executed it is logged

c.       ALL – Both of the above situations are logged

6)      Select the audit level:

a.      EMERGENCY

b.      CRITICAL

c.      ALERT

d.      WARNING

e.      INFO (default)

7)      If needed, you can filter the users you would like to audit. Under the users column you can press the ‘…’ button,

and the following popup will appear:

😎      You can also specify the target object(s) to be audited. This option is valid if the actions to be audited involve SELECT, INSERT, UPDATE, DELETE.

9)      Once done press the deploy button or press F8 (please note that in the image below the Directory name is filled in, but it is not editable because the ‘Audit Trail Target’ is Database Table).

EXAMPLE OUTPUT
Database table example:


CSV example:

SYSLOG example:

DELETING THE AUDIT POLICY

To delete a create audit select it and press the red x.

The following popup will appear:

Once you hit OK press F8 or the execute button again.

4 Comments
Labels in this area
Popular Blog Posts