CCMS and Security Audit log

I have seen a huge number of companies who do not use SM19/SM20 or RZ20. It is not configured. example I worked for 3 clients(user base 14000, 16000,1000) and none of them have this configuration.
Do you know why is it so if it is not configured at your place.
Thanks
Edited by: Pankaj Jain on Sep 26, 2009 7:02 PM

Performance impact is dependent on the Hardware sizing and the daily monitoring activities together with the back up schedule by the BASIS team.
My experience is: I have seen maximum of clients using this for logging activities of ALL users in the system. In other few cases, it is restricted to Super and Special users.
Please go through the document: [Security Audit Log|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/2088d9d4-e011-2a10-bba9-90548dbc2d6a&overridelayout=true] (it's a bit Old)
Try searching Community with SM20 / SM19 / Security Audit Log search strings.
Regards,
Dipanjan

Similar Messages

  • "logon time" between USR41 and security audit log

    Dear colleagues,
    I got a following question from customer for security audit reason.
    > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
    > logon history of Security Audit Log(Tr-cd:SM20)?
    Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
    And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
    at the time when user logged on, the security audit log is recorded .
    I tried to check SAP GUI logon program:SAPMSYST several ways, however,
    I could not check it because the program is protected even for read access.
    I want to know about specification of "logon time" between USR41 and security audit log,
    or about how to look into the program:SAPMSYST and debug it.
    Thank you.
    Best Regards.

    Hi,
    If you configure Security Audit you can achieve your goals...
    1-Audit the employees how access the screens, tables, data...etc
    Answer : Option 1 & 3
    2-Audit all changes by all users to the data
    Answer : Option 1 & 3
    3-Keep the data up to one month
    Answer: No such settings, but you can define maximum log size.
    4-Log retention period can be defined.
    Answer: No !.. but you can define maximum log size.
    SM19/SM20 Options:
    1-Dialog logon
    You can check how many users logged in and at what time
    2-RFC login/call
    Same as above you can check RFC logins
    3-Transaction/report start
    You can see which report or transaction are executed and at what time
    (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
    4-User master change
    (You can see user master changes log with this option)
    5-System/Other events
    (System error can be logged using this option)
    Hope, it clear the things...
    Regards.
    Rajesh Narkhede

  • Blank Security Audit Log in SM20

    Dear Experts,
    The rec/client parameter is set 'OFF'. So no security audit log is generated in SAP. but still if as Security audit log is required is there any way to get the log from SAP from any of the standard report, program or table.
    << Moderator message - Everyone's problem is important. But the answers in the forum are provided by volunteers. Please do not ask for help quickly. >>
    thanks in advance,
    Rahul
    Edited by: Rob Burbank on Jan 14, 2011 4:44 PM

    Table logging and Security audit log are two different things. if rec/client parameter is disable then table logging will not possible. but if you need audit log then you have to enable it through SM19.
    Regards,
    Subhash

  • Security Audit Log SM19 and Log Management external tool

    Hi all,
    we are connecting a SAP ECC system with a third part product for log management.
    Our SAP system is composed by many application servers.
    We have connected the external tool with the SAP central system.
    The external product gathers data from SAP Security Audit Log (SM19/SM20).
    The problem is that we see, in the external tool,  only the data available in the central system.
    The mandatory parameters have been activated and the system has been restarted.
    The strategy of SAP Security Audit Log is to create many audit log file for each application server. Probably, only when SM20 is started, all audit files from all application servers are read and collected.
    In our scenario, we do not use SM20 since we want read the collected data in the external tool.
    Is there a job to be scheduled (or something else) in order to have all Security Audit Log available (from all application servers) in the central instance ?
    Thanks in advance.
    Andrea Cavalleri

    I am always amazed at these questions...
    For one, SAP provides an example report ( RSAU_READ_AUDITLOG_EXTERNAL ) to use BAPIs for alerts from the audit log yet 3rd party solutions seem to be alergic to using APIs for some reason.
    However, mainly I do not understand why people don't use the CCMS (tcode RZ20) security templates and monitor the log centrally from SolMan. You can do a million cool things in SolMan... but no...
    Cheers,
    Julius

  • SAP Security audit log and Profile Parameter rsau/enable

    Does the Profile Parameter rsau/enable have to ="1" for the audit log to be active or is this parameter set to purely allow the maintainance of static profiles. I have been reading into SAP's documentation and they only refer to this parameter in the "Maintaining Static Profiles" section. Therefore I would like to know if the audit log can record when the parameter rsau/enable = "0"?
    Many thanks

    Hi
    I have it running on my NW2004s sneak peak system, whit a dynamic filter and the rsau/enable = 0. So Yes - it's possible to record in the secure audit log with rsau/enable = "0", if your using the dynamic filters
    Regards
    Morten Nielsen

  • How to schedule a batch job to generate security audit log (SM20)

    May be this is a repeat question for this forum. Apologize, if it is. Is there a way to schedule a batch job to generate security audit log (SM20) automatically and possibly send a message to SAP Inbox or generate a spool request? Release is 4.6C.
    Regards
    Nirmal

    > May be this is a repeat question for this forum. Apologize, if it is.
    You don't need to apologize. You only need to do a very simple search...
    > Total Questions:  18 (16 unresolved) 
    Perhaps 16 of those 18 questions you have not followed up on could have been spared as well?
    Please do the needfull.
    Cheers,
    Julius

  • Getting the name of the program or the FM called from security audit log

    Dears,
    Is there a way to get the name of the ABAP program called through transaction SE38, or the FM called through transaction SE37, from the security audit log ?
    What is available is only : RSABAPPROGRAM for transaction SE38, and RSFUNCTIONBUILDER for transaction SE37
    Thanks.
    Reda

    I had always assumed this log to be in the SUBMIT statement, but never used it.
    If I remember correctly this is recorded it the runtime submit, so it should be there.
    Perhaps it is only in selected reports? I will check in my system.
    Please compare with sm20n and run the report from sa38. The submits are different in sa38 etc compared to se38.
    The FM will only be recorded it it has a destination extention in the source system which is mostly remote. Local fm calls are not recorded for sure.
    Cheers,
    Julius
    Edited by: Julius Bussche on Jul 26, 2011 11:32 PM

  • Weu0092d like to get Custom reports. The base of reports is Security Audit Log

    We’d like to get Custom reports. The base of reports is Security Audit Log files. This is files for SM20.
    What does the file structure look like? What is field of it?
    Thanks!

    Hello Marina
    The data written to the security audit log correspond to the DDIC structures RSLGENTR (up to release 4.6) and RSAUENTR2 (in newer releases). DDIC structures can be viewed using TA SE11 (data type).
    As I can see you have already opened a thread regarding this. Please don't duplicate the threads, as this only widespreads the information.
    Regards,
    Désiré

  • Security audit log for the last 30 days?

    Hi,
    My current settings for the security audit log is 20 MB (by default).  I dont want to control it with file size limitation, but by the no. of days the audit is recorded (max 30 days).
    What are the parameters that I would need to maintain?
    Or any additinal config is required?
    Thanks,
    Abdul

    Hi,
    My current configuration is like this:
    Name                Description                                           Current value                                            System default value
    FN_AUDIT     Name of security audit file          audit_++++++++
    DIR_AUDIT     Directory for security audit files     /usr/sap/GSP/DVEBMGS00/log     /usr/sap/GSP/D00/log
    rsau/enable     Enable Security Audit          0
    rsau/max_diskspace/local     Maximum space for security audit file     300M     20M
    rsau/max_diskspace/per_day     Maximum size of all security audit files per day          0
    rsau/max_diskspace/per_file     Maximum size of one single security audit file          0
    rsau/selection_slots     Number of selection slots for security audit          2
    rsau/user_selection     Defines the user selection method used inside kernel functions          0
    I have just activated the audit, and in just 30 minutes, I can see that the file is about 45MB.  If this is the growth rate, the 300MB allocated for audit will completely used in just a day.
    My requirement is - I want to track users and their activities for the last 30 days (or 45 days).  No log should be overwritten unless it is atleast 30 days old.
    In SM20, when I give selection from 1.1.10 to 31.1.10, it should show me all the activities during this period, without any breaks.
    Other doubts: Do I have to start auditing manually every day?  Or will it keep writing logs until it reaches 300 MB which can spread upto multiple days.
    Regards
    Abdul
    Edited by: Abdul Rahim Shaik on Feb 4, 2010 11:17 AM

  • Performance issue of Security Audit log

    Hello,
              My client would like to activate the Security Audit log on his system. However he will like to know whether there could be any performance issue when activating it. Since I do not have any prior experience, can you please give me your general feedback on this subject. Have any of you experience performance issue when implementing security audit log and what can be done to minimize its effect?

    Hai,
    Activating Security Audit logs will not affect the performance of your SAP system. Since SAP Systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Due to the amount of information that may accumulate, you should archive these files on a regular basis and delete the originals from the application server. This is the only thing you really need to take care since they might fill up the disk space if you dont archive or delete them on regular basis. Also since the data is very sensitive you should take extra care to protect the data.
    Please follow the below links for more details.....
    http://help.sap.com/saphelp_nw04/helpdata/EN/95/d2a8e36d6611d1a5700000e835363f/frameset.htm
    http://www.saptechies.com/faq-answers-to-questions-about-the-security-audit-log/
    Regards,
    Yoganand.V

  • Security audit log doesn't capture services

    Hello I am posting this on behalf of Carol, Would you please be kind on helping her?
       After the upgrade to ECC the t-codes for the ESS functions were
    changed to services that run via the portal.  We need to find where the
    audit data is logged for these services.  Below are some of the t-codes
    which are now run via the new service name.
    PZ02##sap.com/essusaddr/Per_Address_US
    PZ03##sap.com/essusbank/Per_Bank_US
    PZ10##sap.com/essusw4/Per_W4_US
    PZ11_PDF#sap.com/ess~rem/PaySlip2
    PZ18##Z_WDA_HR_EMRG_CONTACT
    A search of notes with 'security audit log' hasn't turned up any new
    information. 
    Carol

    Hi Ricardo,
    check the notes:
    [544708|https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=544708] - Changed password rules prevent ITS-based logon
    [872773|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=872773] - Changed password rules and ITS-based logon
    Alternatively use the search terms "ESS Scenario PZ02/ Personal data" .. you might get some related notes.
    Regards,
    Srihari

  • Security Audit Log - Different Files

    Hello gurus,
    I configured the security audit log of the AS java in our portal system.
    But i want a dynamic configuration like SM20 - SM19 in R/3 systems. I want to have audit<the date>.log file format. For
    example audit041608.log for 04.16.2008
                 audit041708.log for 04.17.2008
    Is this possible?
    <removed_by_moderator>
    Best regards
    Tolga
    Edited by: Julius Bussche on Apr 16, 2008 2:43 PM

    Thanks for your answer.
    I think I am misunderstood or I am misunderstanding
    Let me explain a little bit more;
    I am trying to configure secaudit in our portal system and configure it in  such a way that the logs will
    be stored in secaudit log files day by day.
    I configured secaudit as a seperate file but after the size limit,
    it clears the logfile and starts to write on the same logfile.
    We could do this by adding a profile parameter;
    "FN_AUDIT = <SID>_<Instance_No>_audit_++++++++.AUD" in R/3 system.
    But how can i do this in a portal system if it is possible?
    Best regards
    Tolga
    Edited by: Tolga Akinci on Apr 17, 2008 4:24 PM

  • Security Audit Log Profile Parameter

    Hello People,
    I have been trying to find some information about the System Profile Parameters that are required for Security Audit Logs.
    Can someone please explain what the parameter rsau/max_diskspace/per_day means? All that the SAP documentation says is that it is the Maximum size of all security audit files per day
    My understanding was that the audit files are stored on the application server itself and only 1 file is generated everyday. How then, is this parameter used?
    Regards
    Joy

    Hi Joy,
    I do not think this parameter should have any adverse effect. Depends on your server's hard disk space availability.
    rsau/max_diskspace/local gives space for a single security audit file. When we say that rsau/max_diskspace/per_day
    gives space for all, by my understanding we are limiting the total space that these files can take up.
    The max size of single audit file is 2GB and total space for all i.e. rsau/max_diskspace/per_day is 1024 GB
    When maximum space limit is reached, logging terminated. Next day new file is created.
    Couldn't find more explanation.
    regards, Sean.

  • Monitoring Users (Trace or security-Audit-Log)

    Hi,
    we have 2 extrernal Users in our system and want to know, what they are "doing" in
    our Sytem (Tcode, Reports etc.).
    Is the best way to use security-Audit-Log (SM19/SM20) or to us etraces (ST01/ST05/ST11).
    Thanks for Help.
    regards, Dieter

    Hi Thomas,
    thanks for your answer. I try as you has mentioned.
    Regards, Dieter

  • Terminal - Security Audit Log analysis.

    I have enabled, security audit log for our landscape. But the terminal column is only of 8 characters in length.
    Whereas the names of terminals (Desktops and laptops) in my organisation is 15 character.
    Hence it is not possible to identify, from which particular workstation a transanction was executed.
    I am using SAP R/3 4.6C.
    Can anybody help?
    Regards,

    Thanks Eric,
    I too guessed the same...Because I have checked in ECC6...This shows ....the full name of the terminal.

Maybe you are looking for

  • How to open and view a demonstration file of MS Power Point 2010 on iPad 2?

    Hello! I've made a MS Power Point file for my boss, he is using an iPad 2 (iOS 4) But he can only open a static picture of the presentation, but he can't view the presentation step by step as it should be. Which app or feature should he use to see fu

  • Why can't I do cumulative edits, like in iPhoto 6?

    I've just bought a new iMac (Core i5) running the latest iPhoto (9). It has some useful improvements over iPhoto 6 which was the previous version I used, but one thing has gone - I can't do cumulative edits any more. In v6, I could sharpen a soft pic

  • JMS queue dynamic configuration

    I am trying to make a scenario, where we need to send a message to 4 different mq queues depending on a field value in the message. I am using the adapter specific parameter DCJMSReplyTo - the value of this parameter is set in a user defined function

  • Windows Transparent Key, Through the Window?

    Dear, Fellow-Coders I recently noticed if I try the transparent key and set it for example, pink and I have a pink background for my picture box.. And a image inside that box. Sure enough the pink is transparent, but instead of going to the image ben

  • HT1414 apps are gone on my iphone 5!

    i recently got the new iphone 5.  I had backed up my iphone 4 before restoring the iphone 5 as my phone.  everything synced up, but all my apps (aside from the apple apps) are gone.  how do i fix this?