- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Recommended use of transaction start event in secu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Recommended use of transaction start event in security audit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2009 9:05 PM
We've been approached by our internal audit department about producing a log of transactions that have been started along with the associated user ids. I see that I can enable security audit logging in SM19 for transaction start events, but I am concerned about the load this may impose on our system.
1. I understand that load will be specific to how many users I have and how heavily my system is used.. but can anyone say what impact I might see relative to other more common event types? Or perhaps can you share any important warnings or advice in this regard?
2. I'd like to know if there is any way to place a filter on the collection of audit events so that only transactions of interest are logged? I know I can apply a filter when I view the logs, but I'd prefer to reduce the amount of data collected in the first place.
Thanks,
Dan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2009 9:13 PM
I have been using the audit log for a long time, and other than disc space requirements have not had any problems.
If the systems are incorrectly sized, this should be the least of your worries.
Specifically to logging certain groups of transactions but not others: No, I don't think this is possible in the audit log. There are too many transactions, and finding them all is not a task which can be accomplished in one lifetime
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2009 9:13 PM
I have been using the audit log for a long time, and other than disc space requirements have not had any problems.
If the systems are incorrectly sized, this should be the least of your worries.
Specifically to logging certain groups of transactions but not others: No, I don't think this is possible in the audit log. There are too many transactions, and finding them all is not a task which can be accomplished in one lifetime
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2009 10:04 PM
Hi Dan,
I agree with Julius, if the audit log has a perceptible impact on performance then you have sizing problems. The main thing is to make sure that your log files are big enough to store the data you have chosen to record. I vaguely remember a post a while back (it might be one by Julius) which gave info on how to query the audit logs. Maybe you could set up a job to query the log files only on the start transaction events you are interested in.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2009 7:52 AM
Don't forget the data privacy acts in the different countries. You may need an agreement with the workers' council.
Normally I use the security audit log for emergency users (users with SAP_ALL) only. If you have a naming convention for emergency users you can use one filter for them (generic user name).
Is it really necessary to log all users? You have to customize the system profile parameters (rsau/*), otherwise the log may stop in the afternoon if the daily granted disk space is completely used.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2009 4:17 PM
