Use
You specify the information you want to audit in filters that you can either:
If you use this option, all of the application servers use identical filters for determining which events should be recorded in the audit log. You only have to define filters once for all application servers.
You can also define several different profiles that you can alternatively activate.
With this option, you can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers.
This topic concentrates on dynamically changing filters. For information on defining filters in static profiles, see
Maintaining Static Profiles.These changes are active until they are changed or the application server is shut down.
Prerequisites
The following profile parameters must be set:
Audit Log Profile Parameters
Profile Parameter |
Description |
rsau/enable |
Enable the Security Audit Log |
rsau/local/file |
Names and locations of audit files |
rsau/max_diskspace/local |
Maximum space to allocate for the audit files |
rsau/selection_slots |
Number of filters to allow for the Security Audit Log |
Procedure
The Security Audit: Administer Audit Profile screen appears with the Static configuration tabstrip activated.
In the upper section of the screen, you receive a list of the active instances and their auditing status. The lower section of the screen contains tabstrips for maintaining filters.
If you receive a program failure, then make sure you have the authorization S_RFC with the value SECU in your authorization profile. (The system uses remote function calls to obtain a list of servers and therefore, you need the appropriate authorizations.)
Result
The audit filters are dynamically created on all active application servers. If you activate the profile(s), then any actions that match any of these filters are recorded in the Security Audit Log. Changes to the filter definitions are effective immediately and exist until the application server is shut down.