Show TOC

Displaying the Audit Analysis ReportLocate this document in the navigation structure

Context

The security audit log produces an audit analysis report that contains the audited activities. By using the audit analysis report you can analyze events that have occurred and have been recorded on host servers of SAP NetWeaver Application Server (AS) ABAP.

Procedure


  1. Start Analysis of Security Audit Log (transaction SM20).

    The left side displays the host servers of the AS ABAP. The first server in the list is typically the host to which you are currently connected. The right side offers the section criteria for the evaluation process.

  2. Select servers to include in the analysis.

    By default, the analysis report evaluates all servers.

  3. Enter any restrictions to apply to the audit analysis report.

    For example, From Date/Time, To Date/Time, User, Audit Classes, or Events).

    The following list is a subset of options available for restricting the audit analysis report:

    • To hide less important messages, choose the Events tab and select the event severity.

      Events are classified into three categories, critical, severe, and non-critical, with critical being the most important. You can view critical events only, severe and critical events, or all events.

    • To include or exclude specific messages, choose the Detail Sel. pushbutton and select messages.

    • To search within the variable part of audit log messages, choose the Extra tab and enter the text you are looking for in the Open Text Search field.

      For example, a logon message includes a variable for the user ID of the user who logged on. With this option, you can search for the user ID. You cannot search for the hard-coded part of the message.

    • To modify the output format, choose the Format tab and enter a list variant or limit the output..

  4. Read the security audit log.

    Choose one of the following options:

    • Re-read audit log

      Initially reads or replaces a previously read log.

    • Re-display only

      Displays the last audit log you read. For example, you can change the Selection options to modify the audit analysis report without having to re-read the log.

    • Read audit log

      Merges new information using different selection criteria with the current information in the audit analysis report.

      Note

      The Audit Log Entries Read field indicates the number of log entries the system has read from the log file. When you first enter the Analysis of Security Audit Log initial screen, this field is set to 0.

Results

The result is the audit analysis report containing the messages that correspond to your selection criteria. By selecting an individual message, you can view more detailed information.

For more information, see Reading the Audit Analysis Report.