This procedure requires you to restart SAP NetWeaver Application Server (AS) ABAP. Plan for the required downtime while the AS ABAP restarts.
Before you can configure the security audit log, you must set a number of parameters.
You specify the information you want to audit in filters that you can either:
- Create and save permanently in the database in static profiles
  Use this procedure to create profiles of security audit filters in the database of SAP NetWeaver Application Server (AS) ABAP. All nodes of a cluster use identical filters for determining which events to record in the audit log. Create profiles for different auditing scenarios. Once activated, the AS ABAP loads the profile when it starts. The AS ABAP uses the filters defined in the profiles to write events to the security audit log.
- Change dynamically on one or more application servers
  Use this procedure to change the filter settings currently in use, without having to restart the AS ABAP. The system distributes these changes to all active application servers.
The directory and file name are determined by the profile parameters listed in the table below. Use Maintain Profile Parameter (transaction RZ11).
Parameter | Description |
---|---|
DIR_AUDIT | Directory for security audit files |
FN_AUDIT | Name of security audit file |
The table below lists the kernel parameters.
You can set these parameters as profile parameters in the application server's instance profile, but we recommend you set the parameters dynamically as kernel parameters in the security audit log configuration (transaction SM19 in the Kernel Parameters tab). Once set, the system ignores the profile parameters in the profile of the application server, with the exception of DIR_AUDIT and FN_AUDIT.
To enable the profile parameters, choose to delete the kernel parameters.
To check your entries, choose .
For more information, choose in the Security Audit Log: Display Kernel Parameters screen.
Kernel Parameter | Description | Profile Parameter |
---|---|---|
Security Audit Active | Enables the use of static profiles for the security audit log. You can still create security audit logs with dynamic profiles, even if this parameter is disabled. | rsau/enable |
Generic User Selection | Defines the user selection method used inside kernel functions. Set this parameter to enable the use of ABAP patterns asterisk (*) for any character string, plus sign (+) for any single character, and number sign (#) to escape wildcards, spaces at the ends of strings, and such. Otherwise only asterisk (*) is a wildcard. Note: To create an audit log for the user SAP*, you must enable generic user selection and escape the asterisk. Enter SAP#*. | rsau/user_selection |
Number of Selection Filters | Number of filters to allow for the security audit log | rsau/selection_slots |
One Audit File per Day | Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter. | None |
Maximum Size of Audit File | Maximum space for security audit file. Minimum 100 MB. | rsau/max_diskspace/local |
Multiple Audit Files per Day | Select this option to allow multiple security audit files for the application server and enable the Maximum Size of an Audit File and Maximum Size of All Audit Files parameters. | None |
Maximum Size of an Audit File | Maximum size of one single security audit file. Range 600-2048 MB. | rsau/max_diskspace/per_file |
Maximum Size of All Audit Files | Maximum size of all security audit files per day. Must be 3 times the value of Maximum Size of an Audit File. | rsau/max_diskspace/per_day |
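The wildcard rules described for Generic User Selection, modelled in Python as an added example (not SAP code and not part of the original documentation), to show why the filter for the user SAP* must be entered as SAP#*. The function names and the sample user list are constructed, and the matcher follows only the rules stated in the table; it is not the kernel's implementation.

```python
import re


def compile_user_filter(pattern: str, generic: bool) -> re.Pattern:
    """Translate an audit filter user pattern into a regular expression.

    generic=True models the rules in the table: '*' matches any string,
    '+' matches any single character, '#' makes the next character literal.
    generic=False models the other mode, where only '*' is a wildcard.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if generic and ch == "#":
            if i + 1 >= len(pattern):
                raise ValueError("'#' at end of pattern escapes nothing")
            out.append(re.escape(pattern[i + 1]))  # escaped char is literal
            i += 2
            continue
        if ch == "*":
            out.append(".*")
        elif generic and ch == "+":
            out.append(".")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def matched_users(pattern: str, users: list[str], generic: bool = True) -> list[str]:
    """Return the users whose whole name matches the filter pattern."""
    rx = compile_user_filter(pattern, generic)
    return [u for u in users if rx.fullmatch(u)]


# Constructed sample user names, not taken from a real system.
USERS = ["SAP*", "SAPCPIC", "SAPSUPPORT", "DDIC", "FF_01", "FF_02", "FF+01"]

if __name__ == "__main__":
    for pat, generic in [("SAP*", True), ("SAP#*", True), ("FF_0+", True),
                         ("FF_0+", False), ("SAP#*", False)]:
        hits = matched_users(pat, USERS, generic)
        print(f"{pat!r:10} generic={generic!s:5} -> {hits}")
```

In this model the unescaped pattern SAP* selects every user whose name begins with SAP, and without generic user selection no pattern isolates the user SAP* on its own.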
To transport the kernel parameters to other systems in your landscape, choose .
You can now configure static or dynamic profiles as required.