Show TOC Start of Content Area

Component documentationSecurity Audit Log  Locate the document in its SAP Library structure

Purpose

The Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP system. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.

The audit log's main objective is to record:

·        Security-related changes to the SAP system environment
(for example, changes to user master records)

·        Information that provides a higher level of transparency
(for example, successful and unsuccessful logon attempts)

·        Information that enables the reconstruction of a series of events
(for example, successful or unsuccessful transaction starts)

Specifically, you can record the following information in the Security Audit Log:

·        Successful and unsuccessful dialog logon attempts

·        Successful and unsuccessful RFC logon attempts

·        RFC calls to function modules

·        Successful and unsuccessful transaction starts

·        Successful and unsuccessful report starts

·        Changes to user master records

·        Changes to the audit configuration

      Other events that do not belong to the categories mentioned above. These include:

¡        Activation/Deactivation of HTTP security session management or if HTTP security sections were hard exited

¡        File downloads

¡        Access to the file system that does coincide with the valid logical path and file names specified in the system.

This is particularly interessant in an analysis phase to determine where access to files takes place before activating the actual validation.

       Internet Communication Framework (ICF) Recorder entries or changes to the administration settings

       The use of digital signatures performed by the system

       Viruses found by the Virus Scan Interface

       Errors that occur in the Virus Scan Interface

       Unsuccessful password checks for a specific user in a specific client

       Change to security check settings during export

       Identification of transport requests that contain security-critical objects

Implementation Considerations

Caution

The Security Audit Log contains personal information that may be protected by data protection regulations. Before using the Security Audit Log, make sure that you adhere to the data protection laws that apply to your area of application!

Integration

With the Security Audit Log, SAP systems keep records of all activities corresponding to designated filters.

For a detailed description on the technical aspects of the audit log, see The Design of the Security Audit Log.

The Security Audit Log complements the system log; however, the Security Audit Log has a slightly different purpose and a different audience (see Comparing the Security Audit Log and the System Log).

Activities

For more information about the various activities that you need to perform when using the Security Audit Log, see:

      Defining Filters to enable auditing and configure the information you wish to audit.

·        Displaying the Audit Analysis Report for a detailed description on how to specify your audit analysis report. You can view the recorded information as desired. You can view everything that you have logged, or you can select a sub-group (for example, certain transactions or certain users).

·        Deleting Old Audit Files for information on archiving and deleting your audit files.

 

 

 

 

End of Content Area