12-17-2008 3:45 PM
Hello everyone.
Is it possible to configure SAP to send audit logs to an external SYSLOG device such as MARS? We would like the ability to "export" the daily SAP Security logs to a non-SAP device for backup and monitoring. I have heard that SYSLOG storage doesn't work with SAP or SAP on AIX. Is this true?
Is there anyway to dump the SAP logs into a non-SAP system and what systems are compatible? Management is afraid that our logging will overwhelm the SAP/AIX systems and would like to store and review the data outside of SAP.
Systems: CRM 2007
BI 7.0
Solution Manager 7.0
Enterprise Portal 6.0
DB2
AIX
Thank you for your help!
Todd
12-17-2008 3:56 PM
If you search service.sap.com for "SM20" and "read audit log external" then you will find information on a report which can be used for this (it is a demo report on how the API functions work).
I think the name is something like RSAU_READ_AUDITLOG_EXTERNAL, and it is mentioned in the FAQ note on SM20 as well.
Cheers,
Julius
Edited by: Julius Bussche on Dec 17, 2008 5:37 PM
12-17-2008 3:56 PM
If you search service.sap.com for "SM20" and "read audit log external" then you will find information on a report which can be used for this (it is a demo report on how the API functions work).
I think the name is something like RSAU_READ_AUDITLOG_EXTERNAL, and it is mentioned in the FAQ note on SM20 as well.
Cheers,
Julius
Edited by: Julius Bussche on Dec 17, 2008 5:37 PM
12-17-2008 4:15 PM
>
Management is afraid that our logging will overwhelm the SAP/AIX systems and would like to store and review the data outside of SAP.
Hi Todd,
What are the management basing that "fear" on? I have not noticed any appreciable performance hit when reviewing audit logs. If your system is sized as such that it could cause a problem then they might better spend the money elsewhwere.
12-25-2008 12:12 PM
Hi
From the best practices in security point of view is a good idea to have all log information sent to an external server so in case of a break-in you can review such information.
12-17-2008 4:20 PM
The complete project scope has been completely underestimated in time, money, manpower and I believe system resources as well. In configuring the Audit logs I was warned that managment doesn't want to spend the extra money and doesn't have extra money for disk space. They are concerned that the filters I set (Critical only) will overwhelm the systems with data - that we will run out of disk space.
In a seperate conversation it was decided that "we" would like to offload our logs to MARS for central reviewing and processing. Instead of having to login to each client and review the logs, we could export them to a central system. That is what I am researching right now. It doesn't appear from what I have read, that it is possible with SAP.
Is it possible to send the SAP logs to a non-SAP system for review and archiving?
Thanks
Todd