Displaying the Audit Analysis Report

Use

The Security Audit Log produces an audit analysis report that contains the audited activities. By using the audit analysis report, you can analyze events that have occurred and have been recorded on a local server, a remote server, or all of the servers in the SAP System.

The audit analysis report produced by the Security Audit Log is designed analogously to the System Log.

Procedure

1. To access the Security Audit Log analysis screen from the SAP standard menu, choose Administration → System Administration → Monitor → Security Audit Log → Analysis (transaction SM20).

In the left pane, the application servers that are connected to the system are displayed. In most cases, the local server is displayed as the first server in the list. In the right pane, the selection criteria are displayed.

Note

By default, all servers are analyzed. If you want to analyze a single server (or multiple ones), select the server or servers in the left pane before entering your selection criteria and executing the report.

2. Enter any restrictions you want to apply to the audit analysis report in the appropriate fields or by selecting the desired indicators (for example, From date/time, To date/time, User, Audit classes, or Events to select).

Note

Events are classified into three categories: critical, important, and non-critical, with critical being the most important. You can view critical events only, critical and severe events, or all events.

Note the following:

·  If you want to include only specific messages in your report:

    i. Choose Detailed Sel..

    ii. Select the events to include from the list and choose the symbol for Accept Changes.

·  Additional restrictions are possible in the Extras tab. Here, it is also possible to search for messages that contain a specific variable, for example &A for started transactions.

3. To modify the output format, change the options in the Format tab. You can specify an ALV list variant or limit the output here.

4. To read the Security Audit Log, choose one of the following options:

·  Choose Security Audit Log → Re-read audit log to initially read or to replace a previously read log.

·  Choose Security Audit Log → Re-display only to view the last audit log you read. For example, you can change the Selection options to modify the audit analysis report without having to re-read the log.

·  Choose Security Audit Log → Read audit log to merge new information using different selection criteria with the current information in the audit analysis report.

Note

The Imported audit log entries field shows how many log entries the system has read from the log file. When you first enter the Audit Log: Analysis initial screen, this field is set to the value "0".

Result

The result is the audit analysis report containing the messages that correspond to your selection criteria. By selecting an individual message, you can view more detailed information (see Reading the Audit Analysis Report).
