Entering content frameFunction documentation Security Monitor Locate the document in its SAP Library structure

Use

You can use this monitor to monitor messages in the Structure linkSecurity Audit Log, broken down into various areas, and to monitor security-relevant messages in the system log (see also Structure linkComparing the Security Audit Log and the System Log).

Prerequisites

You must have activated the Security Audit Log (transaction SM19).

This graphic is explained in the accompanying text

Features

The following table provides information about the monitoring tree elements (MTEs) of this monitor:

MTE

Description

Logon

System logon events reported by the Security Audit Log:

  • Successful logons, unsuccessful logon attempts, and log offs by a user
  • Locking of a user due to unsuccessful logon attempts, and the removal of the lock

RFCLogon

RFC/CPIC logon events reported by the Security Audit Log:

  • Successful RFC/CPIC logon
  • Unsuccessful RFC/CPIC logon attempt

TransactionStart

Transaction events reported by the Security Audit Log:

  • Transaction started and failed transaction start
  • Transaction locked or unlocked

ReportStart

Events connected with starting reports reported by the Security Audit Log:

  • Successful start
  • Failed start

RFCCall

Events connected with calling Remote Function Calls (RFCs) reported by the Security Audit Log:

  • Successful call
  • Unsuccessful call

UserMasterRecords

Events connected with changes to user master records reported by the Security Audit Log:

  • User deleted, locked, or unlocked
  • User master or authorizations of a user changed
  • Authorization/authorization profile created, changed, or deleted

System

Events connected to system parameter changes reported by the Security Audit Log:

  • Configuration of the Security Audit Log changed
  • Application server started or stopped

Miscellaneous

Other events reported by the Security Audit Log:

  • Download of a file
  • Call of a digital signature
  • Test message

System Log Messages

Messages in the Structure linksystem log for the security category; you can set the category in which a message is reported, the message text, and the severity and criticality of the alert using the message ID in transaction SE92

The system records security-relevant actions in the Security Audit Log. You decide which actions are recorded there and which should trigger an alert in the Alert Monitor on the Security Audit Log configuration screen (transaction SM19).

See also Structure linkDefining Filters

Activities

To start the monitor, follow the procedure below:

  1. Start the Alert Monitor using transaction RZ20 or choose CCMS ® Control/Monitoring ® Alert Monitor.
  2. On the CCMS Monitor Sets screen, expand the SAP CCMS Monitor Templates set.
  3. Start the Security monitor from the list by double clicking it.
Leaving content frame