cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Audit Log Configuration(SM19) Information

Go to solution
Former Member

on ‎02-20-2009 2:57 AM

0 Kudos

Hi every body, I need to configure security audit log to monitor user activities.I don't have minimum knowledge about audit log configuration.what I have to do initially?

i have checked with sm19, active profile is showing blank box. how can i active the profile? can i create new profile? if i configure this audit log any impacts to my system means for file system or database level?(do not ignore this question). please explain me how to configure the security log briefly. if you have any docs give the link path.

Thanks,

Nani

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-20-2009 5:01 AM
0 Kudos

Hi Nani,

Before going to SM19 you have to add some parameters related to auditlogs.

Just go to rz10 and in instance profile you can add rsau related parameters like rsau/enable, rsau/max_diskspace_perday, rsay/localfile etc. After configuring these parameters just restart your SAP application and go to SM19, there you can activate profile.

For parameters you can see the SAP online documentation.

Regards

Nick Loy

Show replies
Show replies
Former Member
‎02-20-2009 5:30 AM
0 Kudos

Thank Nick Loy, is enough or any thing else? any impacts is there if we activated the log. does it occupies more space at o/s level or database level?if i activated this log how many months data i can view with sm20?

Thanks.

Former Member
‎02-20-2009 7:04 AM
0 Kudos

Hello Nani,

Please refer to the follwoing link for SM19

you will be able to configure it easily

http://searchsap.techtarget.com/tip/0,289483,sid21_gci1205376,00.html

Also it does occupy the space at OS level but there are ways to reorganize which are mentioned in the link above.

Please go through that and let me know of any questions

Rohit

Former Member
‎02-20-2009 9:29 AM
0 Kudos

Thanks Rohit, really i have founded my solution with the document. one more adivise please..can you pass me suitable values for the following below:

1.rsau/local/file: Name and location of the audit log file

2.rsau/max_diskspace/local: Max. space of the audit file. If maximum size is reached auditing stops.

3.rsau/selection_slots: Max. number of filters

Thanks alot,

Nani

Former Member
‎02-20-2009 11:45 AM
0 Kudos

Hai,

These inputs depends upon the requirements you have.

rsau/local/file: you can use any desired file, which has correct permissions for the sidadm user to write.

rsau/max_diskspace/local: depends upon the space in the filesystem, you can give values ranging from 1MB to several GB's. Normally the size depends upon the amount of data you are going to record. This also depend upon the no.of filters you set to audit.

rsau/selection_slots: also depends upon your requirement, you have to decide which user, which clients and which Audit classes you need.

Go through the details in the below link.....

http://help.sap.com/saphelp_nw04/helpdata/en/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm

Regards,

Yoganand.V

Former Member
‎02-20-2009 9:00 PM
0 Kudos

hello Nani,

Here is you solution:

1. rsau/local/file-Hello Nani,which version of SAP do you use if 4.6 or more than that you dont require this parameter

The rsau/local/file parameter must be specified in Releases 4.0 and 4.5. For compatibility reasons, it is also still analyzed up to and including Release 6.20. As of Release 4.6 it can be left out. It no longer exists as of Release 6.40.

If it is used, the two profile parameters DIR_AUDIT and FN_AUDIT must correspond to the parameter rsau/local/file, that is:

rsau/local/file = DIR_AUDIT + FN_AUDIT

'+' here stands for the directory separator ('/' or '\').

Otherwise, audit files cannot be deleted with transaction SM18 (RSAUPURG report) or evaluation with transaction SM20 is not possible as of Release 4.6. "

Please refer to Note 539404 for more info.

2. rsau/max_diskspace/local- Answer: 2 gigabytes

For a single day, this means:

<= 4.6: 11,930,464 events or 138 events per second;

>= 6.10: 10.737.418 events or 124 events per second;

Value ranges of the profile parameters

Min Max

rsau/max_diskspace/local 1000000 2 GB

rsau/max_diskspace/per_file 1 MB 2 GB

rsau/max_diskspace/per_day 3*per_file 1024 GB

Changed minimum values (see Note 909734):

as of 6.40

rsau/max_diskspace/local 10 MB

as of 6.40 PL 143

rsau/max_diskspace/local 100 MB

Please refer to Note 539404 for more info

3. rsau/selection_slots- as of 4.6 release you can make 10 selections.please refer to note 539404 for more info

Hope this helps

Rohit

Answers (4)

Answers (4)

Former Member
‎10-28-2014 8:06 PM
0 Kudos

Hello, Does this audit log also capture which table someone has updated using the debugger with activity 01 02 or 06 ? Pl. advise. Thank you. Franco

Show replies
Show replies
Former Member
‎02-03-2014 10:17 AM
0 Kudos

Hello,

I need to assign the parameter "rsau/enable" to some users, but I do not know how to do it.

Could you please help me?

Many thanks in advance.

Show replies
Show replies
Former Member
‎04-09-2009 3:35 AM
0 Kudos

HI.....Experts, I cant understand..........How it changed? Last one month back I activated "rasu/enable" parameter value '1' via RZ10 but I found that parameter value '0" after server reboot. I hope RZ10 can fix profile parameters value permanently but how happened this? then how can fix it permanent? (AIX/DB2)

Thanks

Nani

Show replies
Show replies
Former Member
‎02-24-2009 8:45 AM
0 Kudos

Thanks for your reply.

Show replies
Show replies
Former Member
‎03-17-2009 6:20 AM
0 Kudos

I`am not able to refer note 539404 please help me .

Please if possible send it to my or call me at 9320661626

Kindly tell me the procedure to enable audit log for multiple users(more than 2).

Ask a Question