The security audit log keeps a record of security-related activities in SAP systems. This information is recorded daily in an audit file on each application server. To determine what information should be written to this file, the audit log uses filters, which are stored in memory in a control block. When an event occurs that matches an active filter (for example, a
transaction start), the audit log generates a corresponding audit message and writes it to the audit file. A corresponding alert is also sent to the CCMS alert monitor. Details of the events are provided in the security audit log.s audit analysis report, as shown in the figure:
Caution: SAP systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Due to the amount of information that can accumulate, you should archive these files on a regular schedule and delete the originals from the application server. Use transaction SM18 to archive or delete old audit log files.
No comments:
Post a Comment