Show TOC

Security Audit LogLocate this document in the navigation structure

Use

The security audit log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP system. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.

The main objective of the audit log is to record the following:

  • Security-related changes to the SAP system environment (for example, changes to user master records)

  • Information that provides a higher level of transparency (for example, successful and unsuccessful logon attempts)

  • Information that enables the reconstruction of a series of events (for example, successful or unsuccessful transaction starts)

Specifically, you can record the following information in the security audit log:

  • Successful and unsuccessful dialog logon attempts

  • Successful and unsuccessful RFC logon attempts

  • RFC calls to function modules

  • Successful and unsuccessful transaction starts

  • Successful and unsuccessful report starts

  • Changes to user master records

  • Changes to the audit configuration

  • Other events that do not belong to the categories mentioned above. These include:

    • Activation/Deactivation of HTTP security session management or if HTTP security sections were hard exited

    • File downloads

    • Access to the file system that coincides with the valid logical path and file names specified in the system

      This is particularly helpful in an analysis phase to determine where access to files takes place before activating the actual validation.

    • Internet Communication Framework (ICF) Recorder entries or changes to the administration settings

    • The use of digital signatures performed by the system

    • Viruses found by the Virus Scan Interface

    • Errors that occur in the Virus Scan Interface

    • Unsuccessful password checks for a specific user in a specific client

Implementation Considerations
Caution

The security audit log contains personal information that may be protected by data protection regulations. Before using the security audit log, make sure that you adhere to the data protection laws that apply to your area of application!

Integration

With the security audit log, SAP systems keep records of all activities corresponding to designated filters.

For more information about the technical aspects of the audit log, see The Design of the Security Audit Log.

The security audit log complements the system log; however, the security audit log has a slightly different purpose and a different audience.

For more information, see Comparing the Security Audit Log and the System Log.

Activities

  • Define filters to enable auditing and configure the information you want to audit.

    For more information, see Defining Filters.

  • Display audit analysis reports.

    You can view the recorded information as desired. You can view everything that you have logged, or you can select a sub group (for example, certain transactions or certain users).

    For more information, see Displaying the Audit Analysis Report.

  • Delete old audit files.

    For more information about archiving and deleting your audit files, see Deleting Old Audit Files.