Changing Filters Dynamically 
You can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers. These filters remain active until you deactivate them or SAP NetWeaver Application Server (AS) ABAP restarts. Once activated, dynamic filters overwrite any filter settings from static profiles.
Use this procedure to change the filter settings currently in use, without having to restart the AS ABAP. To set up permanent audit logs, use the filters of the static profiles.
Prerequisites
You have configured the required profile parameters.
For more information, see Preparing the Security Audit Log.
You have been assigned a role with the authorization S_RFC with the value SECU in your authorization profile.
The system uses remote function calls to obtain a list of server nodes and therefore, you need the appropriate authorizations.
Procedure
Start Security Audit: Display Configuration of All Instances (transaction SM19 and choose the Dynamic Configuration tab).
Choose
Configuration 
Display <-> Change 
.Define filters for the application server.
For more information, see Defining Filters.
Select the Filter active checkbox for each of the filters you want to apply to the audit on the AS ABAP.
To distribute the filter definition to the application servers, choose
Configuration Activate Audit and confirm that you want the filter configuration distributed to all application servers.
NoteIf you receive a program failure, then make sure you have the authorizations listed in the prerequisites.
End of the note.
Result
The system creates the new audit filters on all active application servers. If you activate the profiles, then the system records any actions that match any of these filters in the security audit log. Changes to the filter definitions are effective immediately and exist until the application server is shut down. Any servers that start after you have activated dynamic filters uses the filters of any active static profiles.