Maintaining Static Profiles
Use
You specify the information you want to audit in filters that you can either:
...
1. Create and save permanently in the database in static profiles.
If you use this option, all of the application servers use identical filters for determining which events should be recorded in the audit log. You only have to define filters once for all application servers.
You can also define several different profiles that you can alternatively activate.
2. Change dynamically on one or more application servers.
With this option, you can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers.
This topic concentrates on permanently saving filters in static profiles in the database. For information on changing the filters dynamically, see Changing Filters Dynamically.
Filters saved in static profiles take effect at the next application server start.
Prerequisites
The following profile parameters must be set:
Audit Log Profile Parameters
Profile Parameter |
Description |
DIR_AUDIT |
Directory for security audit files |
FN_AUDIT |
Name of security audit file |
rsau/enable |
Enable the Security Audit Log |
rsau/max_diskspace/local |
Maximum space for security audit file |
rsau/max_diskspace/per_day |
Maximum size of all security audit files per day |
rsau/max_diskspace/per_file |
Maximum size of one single security audit file |
rsau/selection_slots |
Number of filters to allow for the Security Audit Log |
rsau/user_selection |
Defines the user selection method used inside kernel functions |
Procedure
...
1. To access the Security Audit Log configuration screen from the SAP standard menu, choose Administration → System Administration → Monitor → Security Audit Log → Configuration (transaction SM19).
The Security Audit: Administer Audit Profile screen appears with the Static configuration tab page activated. If an active profile already exists, it is displayed in the Active profile field.
2. Enter the name of the profile to maintain in the Displayed profile field.
3. If you are creating a new audit profile, choose Profile → Create. To change an existing profile, choose Profile → Display <-> Change.
To display an existing profile before changing it, choose Profile → Display.
The lower section of the screen contains tab pages for defining filters. The number of tab pages correspond to the value of the profile parameter rsau/selection_slots. Within each tab page, you define a single filter.
4. Define filters for your profile.
5. Make sure the Filter active indicator is set for each of the filters you want to apply to your audit.
6. Save the data.
7. To activate the profile, choose Profile à Activate.
8. Shut down and restart the application server to make the changes effective.
Result
The filters you define are saved in the audit profile. If you activate the profile and restart the application server, actions that match any of the active filter events are then recorded in the Security Audit Log.
On some UNIX platforms, you also need to clear shared memory by explicitly executing the program cleanipc. Otherwise, the old configuration remains in shared memory and the changes to the static profile do not take effect.