Show TOC

Preparing the Security Audit LogLocate this document in the navigation structure

Prerequisites

This procedure requires you to restart SAP NetWeaver Application Server (AS) ABAP. Plan for the required downtime while the AS ABAP restarts.

Context

Before you can configure the security audit log, you must set a number of parameters.

Procedure

  1. Determine the type of security audit to run.

    You specify the information you want to audit in filters that you can either:

    • Create and save permanently in the database in static profiles

      Use this procedure to create profiles of security audit filters in the database of SAP NetWeaver Application Server (AS) ABAP. All nodes of a cluster use identical filters for determining which events to record in the audit log. Create profiles for different auditing scenarios. Once activated the AS ABAP loads the profile when the AS ABAP starts. The AS ABAP uses the filters defined in the profiles to write events to the security audit log.

    • Change dynamically on one or more application servers

      Use this procedure to change the filter settings currently in use, without having to restart the AS ABAP. The system distributes these changes to all active application servers.

  2. Configure the directory and file name for the security audit log.

    The directory and file name are determined by the profile parameters listed in the table below. Use Maintain Profile Parameter (transaction RZ11).

    Parameter

    Description

    DIR_AUDIT

    Directory for security audit files

    FN_AUDIT

    Name of security audit file

  3. Set the required kernel parameters in the Security Audit Log: Display Kernel Parameters screen (transaction SM19 in the Kernel Parameters tab).

    The table below lists the kernel parameters.

    Note

    You can set these parameters as profile parameters in the application server's instance profile, but we recommend you set the parameters dynamically as kernel parameters in the security audit log configuration (transaction SM19 in the Kernel Parameters tab). Once set, the system ignores the profile parameters in the profile of the application server, with the exception of DIR_AUDIT and FN_AUDIT.

    To enable the profile parameters, choose Delete to delete the kernel parameters.

    To check your entries, choose Check Parameters.

    For more information, choose Short Documentation in the Security Audit Log: Display Kernel Parameters screen.

    Kernel Parameter

    Description

    Profile Parameter

    Security Audit Active

    Enables the use of static profiles for the security audit log. You can still create security audit logs with dynamic profiles, even if this parameter is disabled.

    rsau/enable

    Generic User Seelction

    Defines the user selection method used inside kernel functions. Set this parameter to enable the use of ABAP patterns asterisk (*) for any character string, plus sign (+) for any single character, and number sign (#) to escape wildcards, spaces at the ends of strings, and such. Otherwise only asterisk (*) is a wildcard.

    Note

    To create an audit log for the user SAP*, you must enable generic user selection and escape the asterisk. Enter SAP#*.

    rsau/user_selection

    Number of Selection Filters

    Number of filters to allow for the security audit log

    rsau/selection_slots

    One Audit File per Day

    Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter.

    None

    Maximum Size of Audit File

    Maximum space for security audit file. Minimum 100 MB.

    rsau/max_diskspace/local

    Multiple Audit Files per Day

    Select this option to allow multiple security audit files for the application server and enable the Maximum Size of an Audit File and Maximum Size of All Audit Files parameters.

    None

    Maximum Size of an Audit File

    Maximum size of one single security audit file. Range 600-2048 MB.

    rsau/max_diskspace/per_file

    Maximum Size of All Audit Files

    Maximum size of all security audit files per day. Must be 3 time the value of Maximum Size of an Audit File.

    rsau/max_diskspace/per_day

  4. Determine if you want to transport kernel parameters to other systems in your landscape.

    To transport the kernel parameters to other systems in your landscape, choose Transport.

  5. Restart the AS ABAP.

Results

You can now configure static or dynamic profile as required.