Security Audit LogThe Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.
Security Audit Log
- The Design of the Security Audit Log
- Comparing the Security Audit Log and the System Log
- Maintaining Static Profiles
- Changing Filters Dynamically
- Defining Filters
- Displaying the Audit Analysis Report
- Reading the Audit Analysis Report
- Deleting Old Audit Files
- Security Alerts in the CCMS Alert Monitor
- Viewing Security Alerts
- Reading Security Alerts Using BAPIs
- The Audit Log Display Options
- Example Filters
The Security Audit Log keeps a record of security-related activities in SAP Systems. This information is recorded daily in an audit file on each application server. To determine what information should be written to this file, the audit log uses filters, which are stored in memory in a control block. When an event occurs that matches an active filter (for example, a transaction start), the audit log generates a corresponding audit message and writes it to the audit file. A corresponding alert is also sent to the CCMS alert monitor. Details of the events are provided in the Security Audit Log's audit analysis report.
SAP Systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Due to the amount of information that may accumulate, you should archive these files on a regular basis and delete the originals from the application server
Reading Security Alerts Using BAPIs
The security alerts are also available to external programs using BAPIs (Business Application Programming Interfaces). The report RSAU_READ_AUDITLOG_EXTERNAL is a sample SAP program that you can use as a template for accessing the security alerts using BAPIs.