You can use this monitor to monitor messages in the Security Audit Log, broken down into various areas, and to monitor security-relevant messages in the system log.
You must have activated the Security Audit Log (transaction SM19).
The monitor contains the following monitoring tree elements (MTEs):
MTE Name (MTE Class) | Meaning |
---|---|
Logon (SecurityLogon) |
System logon events reported by the Security Audit Log:
|
RFCLogon (SecurityRFCLogon) |
RFC/CPIC logon events reported by the Security Audit Log:
|
TransactionStart (SecurityTransactionStart) |
Transaction events reported by the Security Audit Log:
|
ReportStart (SecurityReportStart) |
Events connected with starting reports reported by the Security Audit Log:
|
RFCCall (SecurityRFCCall) |
Events connected with calling Remote Function Calls (RFCs) reported by the Security Audit Log:
|
UserMasterRecords (SecurityUserMasterRecords) |
Events connected with changes to user master records reported by the Security Audit Log:
|
System (SecuritySystem) |
Events connected to system parameter changes reported by the Security Audit Log:
|
Miscellaneous (SecurityMiscellaneous) |
Other events reported by the Security Audit Log:
|
System Log Messages (R3SyslogSecurity) |
Messages in the system log for the security category; you can set the category in which a message is reported, the message text, and the severity and criticality of the alert using the message ID in transaction SE92 |
The system records security-relevant actions in the Security Audit Log. You decide which actions are recorded there and which should trigger an alert in the Alert Monitor on the Security Audit Log configuration screen (transaction SM19).
To start the monitor, follow the procedure below: