on 02-20-2009 2:57 AM
Hi every body, I need to configure security audit log to monitor user activities.I don't have minimum knowledge about audit log configuration.what I have to do initially?
i have checked with sm19, active profile is showing blank box. how can i active the profile? can i create new profile? if i configure this audit log any impacts to my system means for file system or database level?(do not ignore this question). please explain me how to configure the security log briefly. if you have any docs give the link path.
Thanks,
Nani
Hi Nani,
Before going to SM19 you have to add some parameters related to auditlogs.
Just go to rz10 and in instance profile you can add rsau related parameters like rsau/enable, rsau/max_diskspace_perday, rsay/localfile etc. After configuring these parameters just restart your SAP application and go to SM19, there you can activate profile.
For parameters you can see the SAP online documentation.
Regards
Nick Loy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Nani,
Please refer to the follwoing link for SM19
you will be able to configure it easily
http://searchsap.techtarget.com/tip/0,289483,sid21_gci1205376,00.html
Also it does occupy the space at OS level but there are ways to reorganize which are mentioned in the link above.
Please go through that and let me know of any questions
Rohit
Thanks Rohit, really i have founded my solution with the document. one more adivise please..can you pass me suitable values for the following below:
1.rsau/local/file: Name and location of the audit log file
2.rsau/max_diskspace/local: Max. space of the audit file. If maximum size is reached auditing stops.
3.rsau/selection_slots: Max. number of filters
Thanks alot,
Nani
Hai,
These inputs depends upon the requirements you have.
rsau/local/file: you can use any desired file, which has correct permissions for the sidadm user to write.
rsau/max_diskspace/local: depends upon the space in the filesystem, you can give values ranging from 1MB to several GB's. Normally the size depends upon the amount of data you are going to record. This also depend upon the no.of filters you set to audit.
rsau/selection_slots: also depends upon your requirement, you have to decide which user, which clients and which Audit classes you need.
Go through the details in the below link.....
http://help.sap.com/saphelp_nw04/helpdata/en/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm
Regards,
Yoganand.V
hello Nani,
Here is you solution:
1. rsau/local/file-Hello Nani,which version of SAP do you use if 4.6 or more than that you dont require this parameter
The rsau/local/file parameter must be specified in Releases 4.0 and 4.5. For compatibility reasons, it is also still analyzed up to and including Release 6.20. As of Release 4.6 it can be left out. It no longer exists as of Release 6.40.
If it is used, the two profile parameters DIR_AUDIT and FN_AUDIT must correspond to the parameter rsau/local/file, that is:
rsau/local/file = DIR_AUDIT + FN_AUDIT
'+' here stands for the directory separator ('/' or '\').
Otherwise, audit files cannot be deleted with transaction SM18 (RSAUPURG report) or evaluation with transaction SM20 is not possible as of Release 4.6. "
Please refer to Note 539404 for more info.
2. rsau/max_diskspace/local- Answer: 2 gigabytes
For a single day, this means:
<= 4.6: 11,930,464 events or 138 events per second;
>= 6.10: 10.737.418 events or 124 events per second;
Value ranges of the profile parameters
Min Max
rsau/max_diskspace/local 1000000 2 GB
rsau/max_diskspace/per_file 1 MB 2 GB
rsau/max_diskspace/per_day 3*per_file 1024 GB
Changed minimum values (see Note 909734):
as of 6.40
rsau/max_diskspace/local 10 MB
as of 6.40 PL 143
rsau/max_diskspace/local 100 MB
Please refer to Note 539404 for more info
3. rsau/selection_slots- as of 4.6 release you can make 10 selections.please refer to note 539404 for more info
Hope this helps
Rohit
Hello, Does this audit log also capture which table someone has updated using the debugger with activity 01 02 or 06 ? Pl. advise. Thank you. Franco
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I need to assign the parameter "rsau/enable" to some users, but I do not know how to do it.
Could you please help me?
Many thanks in advance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI.....Experts, I cant understand..........How it changed? Last one month back I activated "rasu/enable" parameter value '1' via RZ10 but I found that parameter value '0" after server reboot. I hope RZ10 can fix profile parameters value permanently but how happened this? then how can fix it permanent? (AIX/DB2)
Thanks
Nani
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your reply.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
103 | |
14 | |
10 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.