Example
Filters
Typical scenarios for using the Security Audit Log include:
· Recording specific security-critical events, for example, to monitor logon attempts using the standard user SAP*.
· Recording the activities that a specific user executes, for example, to monitor the activities performed by a remote support user.
Filter for Recording All Security-Critical Events
To set up a filter for recording all security-critical events, define a static filter with the following criteria defined:
|
Field or Group |
Entry |
|
Client |
* |
|
User |
* |
|
Audit classes |
Activate all classes |
|
Events |
Select Only critical |
All critical events will be recorded for all users in all clients.
See the graphic below.
You can define the filter more specifically by choosing individual audit classes or entering more detailed data (for example, by entering SAP* as the User name.) Choose Detailed display to even more specifically define the various events to audit.
Filter for Recording Activities Performed by a Specific User
To set up a filter for recording security-critical events, define a dynamic filter with the following criteria defined:
|
Field or Group |
Entry |
|
Client |
<client> |
|
User |
<user_ID> |
|
Audit classes |
Activate all classes |
|
Events |
All |
By defining the filter as dynamic, you can activate the filter for the time frame that the user works in the system and deactivate it when the user is finished (for example, for a remote support user).
The graphic below shows a filter that is activated to monitor the activities performed by the user SUPPORT in client 450.
