If you use static filters, all of the application servers use identical filters for determining which events should be recorded in the audit log. You have to define filters only once for all application servers.
Profile Parameters for Setting Static Filters
rsau/enable This parameter enables the security audit log.
rsau/local/file This parameter defines the names and locations of the audit files (This was an optional parameter starting with 4.6C. It no longer exists in Web Application Server 6.30.)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files.
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log.
The figure shows the screen used to configure security audit filters.
Procedure
1. To access the Security Audit Log Configuration screen from the SAP standard menu, choose Tools -> Administration -> Monitor -> Security Audit Log -> Configuration.
The Security Audit: Administer Audit Profile screen appears with the Static configuration tab activated. If an active profile already exists, it is displayed in the Active profile field.
2. Enter the name of the profile to maintain in the Displayed profile field.
3. If you are creating a new audit profile, choose Profile -> Create. To change an existing profile, choose Profile -> Change.
The lower section of the screen contains tabs for defining filters. The number of tabs correspond to the value of the profile parameter rsau/selection_slots. Within each tab, you define a single filter.
4. Define filters for your profile.
5. Make sure the Filter active indicator is set for each of the filters you want to apply to your audit.
6. Save the data.
7. To activate the profile, choose Profile -> Activate.
8. Shut down and restart the application server to make the changes effective.
Result
The filters you define are saved in the audit profile. If you activate the profile and restart the application server, actions that match any of the active filter events are then recorded in the security audit log.
Note: On some UNIX platforms, you also need to clear shared memory by explicitly executing the program cleanipc. Otherwise, the old configuration remains in shared memory and the changes to the static profile do not take effect.
No comments:
Post a Comment