Preparing the Security Audit Log

Prerequisites

This procedure requires you to restart SAP NetWeaver Application Server (AS) ABAP. Plan for the required downtime while the AS ABAP restarts.

Context

Before you can configure the security audit log, you must set a number of parameters.

Procedure

Determine the type of security audit to run.
You specify the information you want to audit in filters that you can either:
- Create and save permanently in the database in static profiles
  
  Use this procedure to create profiles of security audit filters in the database of SAP NetWeaver Application Server (AS) ABAP. All nodes of a cluster use identical filters for determining which events to record in the audit log. Create profiles for different auditing scenarios. Once activated the AS ABAP loads the profile when the AS ABAP starts. The AS ABAP uses the filters defined in the profiles to write events to the security audit log.
- Change dynamically on one or more application servers
  
  Use this procedure to change the filter settings currently in use, without having to restart the AS ABAP. The system distributes these changes to all active application servers.

Configure the directory and file name for the security audit log.

The directory and file name are determined by the profile parameters listed in the table below. Use Maintain Profile Parameter (transaction RZ11).

Parameter	Description
DIR_AUDIT	Directory for security audit files
FN_AUDIT	Name of security audit file

Set the required kernel parameters in the Security Audit Log: Display Kernel Parameters screen (transaction SM19 in the Kernel Parameters tab).

The table below lists the kernel parameters.

Note

You can set these parameters as profile parameters in the application server's instance profile, but we recommend you set the parameters dynamically as kernel parameters in the security audit log configuration (transaction SM19 in the Kernel Parameters tab). Once set, the system ignores the profile parameters in the profile of the application server, with the exception of DIR_AUDIT and FN_AUDIT.

To enable the profile parameters, choose Delete to delete the kernel parameters.

To check your entries, choose Check Parameters .

For more information, choose Short Documentation in the Security Audit Log: Display Kernel Parameters screen.

Kernel Parameter	Description	Profile Parameter
Security Audit Active	Enables the use of static profiles for the security audit log. You can still create security audit logs with dynamic profiles, even if this parameter is disabled.	rsau/enable
Generic User Seelction	Defines the user selection method used inside kernel functions. Set this parameter to enable the use of ABAP patterns asterisk () for any character string, plus sign (+) for any single character, and number sign (#) to escape wildcards, spaces at the ends of strings, and such. Otherwise only asterisk () is a wildcard. Note To create an audit log for the user SAP, you must enable generic user selection and escape the asterisk. Enter `SAP#`.	rsau/user_selection
Number of Selection Filters	Number of filters to allow for the security audit log	rsau/selection_slots
One Audit File per Day	Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter.	None
Maximum Size of Audit File	Maximum space for security audit file. Minimum 100 MB.	rsau/max_diskspace/local
Multiple Audit Files per Day	Select this option to allow multiple security audit files for the application server and enable the Maximum Size of an Audit File and Maximum Size of All Audit Files parameters.	None
Maximum Size of an Audit File	Maximum size of one single security audit file. Range 600-2048 MB.	rsau/max_diskspace/per_file
Maximum Size of All Audit Files	Maximum size of all security audit files per day. Must be 3 time the value of Maximum Size of an Audit File.	rsau/max_diskspace/per_day

Determine if you want to transport kernel parameters to other systems in your landscape.

To transport the kernel parameters to other systems in your landscape, choose .
Restart the AS ABAP.

Results

You can now configure static or dynamic profile as required.

Next Steps

Maintaining Static Profiles

Changing Filters Dynamically