Increase retention period of  Audit logs.

Similar Messages

• Archiving and different Retention period by  specific interface

  We want to specify different Retention period for different interfaces (audit reasons)... and based on search in SDN, it does not seem like this is  supported by SAP...
  Do any of you know if SAP intends to support this in future? Any ideas for overcoming this gap? or is this limitation deliberate (and has been kept in place for a reason)?

  Hi Krish,
  Actually I don't think we have this option of setting the retention period for specific interfaces,
  but for the global interfaces in the system.
  If you want to increase the time for Audit Log messages you need to change parameter 'messaging.auditLog.memoryCache' to false in order to persist the audit logs in PI 7.1 system. Take a look at note #1314974 for more details.
  And notice that after changing the parameter to false, audit logs are persisted till the corresponding messages are deleted. The default retention period of messages on AE is 30 days, keep in mind that it could have a little impact on the data volume.
  To increase the retention time in AFW, go to:
  Services -> XPI Adapter: XI:
  "xiadapter.outbound.persistDuration.default"
  "xiadapter.inbound.persistDuration.default"
  For the Integration Engine, it's under SXMB_ADM -> Integration Engine Configuration and Configuration.
  Regards,
  Caio Cagnani

• How to change the retention period of os watcher log,

  How to change the retention period of os watcher log, by default it is 7 days. but in our exadata env. automatically oswatcher logs are deleted , so i want to check the retention period.
  Regards,
  Ani

  Hi Ani,
  Go to :- /opt/oracle.cellos/validations/init.d/oswatcher
  Open the file "oswatcher" file.check for the line "/startOSW.sh X Y Z". Where X is the snapshot interval
  make the change and you are done
  Regards,
  Sunil Bhola

• Archive purchase document  log -  Retention period not maintained

  Hello Everybody,
     I have been trying to archive the Purchase document, I have also set the Retention period is 0 (Zero), but  when i archive the some Purchase document, it is give log like that
  Object                                                     Message
  4700000053 00010                                           Retention period not maintained
  4700000066 00010                                           Retention period not maintained
  4700000079 00010                                           Retention period not maintained
  So please suggest me how to solve the problem
  Thanks

  Solved, by archiving

• How to adjust SM21 logs retention Period

  Hi,
  My requirement it to get the system logs for minimum for 5 months,
  i have set the parameter "rslg/max_diskspace/central"
  but still i am getting the logs for 13 days only.
  So please let me know the exact clean up job name for SM21 log,
  so that i can adjust the retention period.
  and also do i need to adjust the parameter "rslg/max_diskspace/local" too to get the required SM21 logs?
  Regards,

  hi,
  For the list of standard jobs please refer this sap note
  16083    Standard jobs, reorganization jobs
  1411877 New standard jobs
  For the system log details please refer this points
  1. The local system log file
  a) File names
  The local system log file that is written to each application server is determined by the profile parameter  rslg/local/file.
  The name of the file is usually SLOG<inr>, where <inr> is the instance number. Therefore, the name is SLOG77, for example.
  In most systems, the profile parameter rslg/local/old_file  is also set and points to a file SLOGO<inr>. This 'old' local system log file is not created by default. Instead, the current local system log file is written 'in a circle'.
  b) File size
  'Writing in a circle' means the following: If the file has reached the maximum size (profile parameter rslg/max_diskspace/local), the system overwrites the oldest entry with the latest entry and so on. The local system log file always has the same file size as of this moment. The profile parameter rslg/max_diskspace/local describes the maximum file size in bytes. If you switch from non-Unicode to Unicode, you must double the value of this profile parameter.
  The central system log file
  a) File names
  The profile parameter rslg/central/file describes the name of the current central system log file, and the profile parameter
  rslg/central/old_file describes the name of the 'old' central system log file.
  b) Size of files
  The profile parameter  rslg/max_diskspace/central specifies a size in  bytes. If the current system log file has reached half of this size, it  is copied to rslg/central/old_file, and a new current central system log file is started.
  Additionally refer this note
  862  Reduce size of system log file
  Regards,
  Naveen.
  Edited by: Naveen Kumar on Mar 5, 2012 2:18 PM

• Automatic User Device Affinity - Audit logs retention

  Hello,
  We have problems on generating primary user info on a lot Computers and we suspect that problem is because audit logs are kept for too short time.
  So the config is following:
  1) User device affinity threshold (minutes): 2880
  2) User device affinity threshold (days): 30
  So there are two questions:
  1) For how long do we need to keep audit logs on SCCM client to successfully generate user device affinity;
  2) How long do we need to wait till information populates in SCCM DB?
  Thanks,
  Pēteris

  Also from UserAffinity.log I can see that information is sent with state messages:
  "Found same state message existing. (was sent before) Skip sending same state message for user"
  Hi,
  You could try to delete state message about the user in WMI on a client to see if user device affinity could be populated. That is stored in root\ccm\statemsg -> Enum Classes -> Recursive -> double-click CCM_StateMsg -> Instances. There
  should be messages that contain "domain/user_Auto".
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Mailbox auditing log search only shows last 7 days

  I have mailbox auditing turned on for a mailbox, and the audit log age limit is set to 90 days.  When I run the non admin user access report however it only shows me auditing items for the past 7 days.  If i go to powershell, and run search-mailboxauditlog
  it shows the same 7 days. Any suggestions?

  http://technet.microsoft.com/en-us/library/ff459237(v=exchg.150).aspx
  Mailbox audit logs are generated for each mailbox that has mailbox audit logging enabled. Log entries are stored in the Audits subfolder of the audited mailbox Recoverable Items folder. This ensures that all audit logs are available from a single location,
  regardless of which client access method was used to access the mailbox or which server or workstation an administrator used to access the mailbox audit log. If you move a mailbox to another Mailbox server, the mailbox audit logs for that mailbox are also
  moved because they're located in the mailbox.
  By default, mailbox audit log entries are retained in the mailbox for 90 days and then deleted. You can modify this retention period by using the
  AuditLogAgeLimit parameter with the
  Set-Mailbox cmdlet. If a mailbox is on In-Place Hold or litigation hold, audit log entries are only retained until the audit log retention period for the mailbox is reached. To retain audit log entries longer, you have to increase the retention period by
  changing the value for the AuditLogAgeLimit parameter, or export audit log entries before the retention period is reached.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• Issue with Audit Log report in SharePoint 2010

  I have enabled REPORTING feature at site collection level and configured the site collection audit settings. I tried to generated Audit log reports, most of the time it keeps on processing as shown in fig.It
  keeps on processing, never comes to report generated successful message. how to overcome this issue?

  i'm facing same issue, even when i tried to generate report for limited limited period(5 days) for a particular event(ex: delete or restore items (or) edit items).
  I think, the below reference may guide you solve your issue
  http://sharepoint.stackexchange.com/questions/17151/how-often-should-the-auditing-log-be-cleared-to-not-affect-performance
  Sekar - Our life is short, so help others to grow
  Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever
  you see a reply being an answer to the question of the thread, click "Mark As Answer

• E-Recruiting 6.0: Expiry & Retention Periods

  Hi Experts,
  Expiration Period
  Definition: It indicates the maximum period of time an application & the person-related data of the associated candidate may be saved in the system once the recruitment process has been completed.  The process is completed when the application status is set to 'rejected' or 'withdrawn'.
  Question (1):
  If I set the period to be 12 months, after 12 months, what happens to my applications?  Will the system automatically deletes it? How does the system actually works based on the config for this parameter?
  Retention Period
  Definition: It indicates how long a requisition and all related information (applications, applicant data, activities, audit trails etc) must be retained before they can be deleted.
  Question (2):
  I have set it to 12 months. But when i tried deleting a requisition which I have created, the system still allows it.  Can anyone share with me how does the system reacts based on my settings?
  Thanks in advance.
  William

  Well the functionality is not consistent.
  If you maintain periods of time for retention on a requisition, the workflow calculates a retention limit date for an application when it is rejected. It will never be updated automatically.
  A check on retention dates when deleting an requisition is not implemented. I checked the code but did not find anything.
  The only check on this date, which will be than in the candidacy information (hrp5133), is in report:
  RCF_DELETE_EXT_CAND
  Regards

• BOE XI 3.1 Removing Audit log files

  Hi there experts,
  we have an issue with our production BOE install (3.1 SP7) whereby we have over 39,000 audit log files awaiting processing in the BOE_HOME/auditing folder. These audit files were generated a few months back when we had an issue with the system whereby thousands of scheduled events were created, we are not sure how. The removal of these events has had a knock on effect in that we have too many audit files to process, ie the system just cant process them all quickly enough.
  So my question is can we just remove these audit files from the auditing directory with no knock on effects as we dont need them loading into the audit database anyways as they are all multiples of the same event.
  As an aside when we upgraded from SP3 to SP7 the problem went away, ie no new audit files for these delete events being generated. We are still to establish how/why these audit events were created but for the time being we just want to be able to remove them. Unfortunately as its a production system we don't want to just take a chance and remove them without some advice first.
  thanks in advance
  Scott

  Is your auditing running now? Or still pending? Can you check in Audit DB, what is the max(audit_timestamp? This will tell you when was the recent actvitiy happened.
  Deleting the audit files, will not harm to your BO system. You will not be able to see auditing details for that period.
  Is the new auditing files are processed? or you still see the files created in auditing folder without processing?
  If the auditing file size shows 0 okb, than it means they were processed.

• Usage Report and Audit Log report showing different totals

  I am trying to understand the differences displayed in two similar reports. The first report is an 'Audit Log' Report and it is displaying the number of Resource Account creations over a time period. The second report is a Usage Report using the exact same criteria (objectType = Resource Account and Action = Create). The totals I get back are VASTLY different. Can anyone explain? Is this a known bug?

  Hi,
  In any report we don't show the storage policies information. In Cost report if the storage policies have different rate factors then we will show the split for the storage information. But in usage report , rate factors will not be applicable as we don''t show the cost details. Hope this clarifies your question. Please let us know if you need more information.
  Thanks,
  Lakshmi

• Job log, audit log

  Hi.
  Are there any log files to delete manually periodic?
  I know the log files are deleted by standard delete job scheduled in Tr-cd SM36.
  How about the JOB log, and audit log?
  regards,

  Apart from SM36 standard logs,
  you might want to re-orgnaize log/trace files in various directories:
  /local/data/interface - generally the interface directory
  /usr/sap/<SID>/../work - Work process trace files etc.
  Regards,
  Siddhesh

• Audit log capacity

  As auditing can be enabled and it keeps the audit logs. Is there a setting for audit retention configuration as well as size configuration. Also how uch space it occupied with average audit capabilities and how much is the growth.
  This topic not much covered in docs. So I want to know from you guys as you must be having enough experience. Is there a criteria which can be used to plan database. Does it go to a seperate database table?
  Any pointers can also be helpful.

  The job 'Trims audit trail entries from site collections.'
  It runs by defualt every month, which means you need to adjust the schedule so that it runs weekly so that it'll pick up your accelerated audit rules.
  This is the job that exports the data to Excel and cleans up the entries from the database.

• Audit Log Report generating an "Out of Memory" error message.

  Greetings. We are a new IDM customer. We are running IDM 6.0 with an Oracle database. We are now getting the following error message when we run the IDM Audit Log Report for Today's Activities:
  "java.lang.OutOfMemoryError".
  How do we increase the memory setting for reporting? Thanks.

  Hi,
  I am also getting the same error. I have netbeans with tomcat andi modified the setting the netbeans.conf to
  netbeans_default_options="-J-Xms32m -J-Xmx750m -J-XX:PermSize=32m -J-XX:MaxPermSize=750m -J-Xverify:none -J-Dapple.laf.useScreenMenuBar=true"
  i have 896MB of RAM. However, the error is still showing up? Any ideas on how to resolve this?
  Thanks,