cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tracing User Activity

Former Member

on ‎05-14-2009 7:39 AM

0 Kudos

Dear SAP Gurus,

One of our administrative user-id's is getting blocked due to Incorrect logons which clearly states some one(not authorized) is trying to login via that user-id.

I would like to know is it possible to trace who is trying to login from that specific userid from which terminal.

Regards,

Ashish .A. Poojary

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎05-14-2009 11:11 AM
0 Kudos

Issue Resolved !!!!

There was a scenario which had a wrong password hard coded.

It's working fine now.

Thx for your suggestions.

Regards,

Ashish .A. Poojary

Show replies
Show replies
Former Member
‎05-14-2009 10:44 AM
0 Kudos

Dear Ashish,

It is very difficult to trace that who is trying to lock that id knowingly. Because he or she may try from any of the machine on the network. But here are some tips to reach the machine.

Use SM21 (System Log) - It will show you the log for unsuccessful logon.

Trace the Machine name (Computer name from he/she trying to access)

Goto prompt and type

c:> traceert <COMPUTER NAME>

this will provide the details of TCP/IP Address of the computer. I thing now you can catch that person.

Thanks

Show replies
Show replies
JPReyes
Active Contributor
‎05-14-2009 11:00 AM
0 Kudos 
It is very difficult to trace that who is trying to lock that id knowingly. Because he or she may try from any of the machine on the network. But here are some tips to reach the machine.

SM20 shows you the terminal (Computer name) from where the logon was attempted.

User can also be getting locked because of and RFC or a job been triggered calling an RFC that has an incorrect password. (Been a non technical user I presume this is not the case)

Regards

Juan

Former Member
‎05-14-2009 8:05 AM
0 Kudos

I checked out by sm20.

No reults .

Could this be a possibility ???

In a program or scenario the username and password is hardcoded and a wrong password has been hard coded in the program.

Awaiting Response.

Regards,

Ashish .A. Poojary

Show replies
Show replies
Former Member
‎05-14-2009 8:10 AM
0 Kudos

sm21 log gives you all info , weather it is dialog process or background and all ,

also check your RFC connections...

Former Member
‎05-14-2009 8:41 AM
0 Kudos

check SUIM->Users->Users by complex selection criteria

JPReyes
Active Contributor
‎05-14-2009 9:44 AM
0 Kudos 
I checked out by sm20.
No reults .

Did you check that Security Audit is properly configured?.... set the parameters of the Audit via SM19 and then check the results on SM20, you won't find info if its not setup.

Read,

http://help.sap.com/saphelp_nw70/helpdata/EN/c7/69bcb7f36611d3a6510000e835363f/content.htm

Regards

Juan

Former Member
‎05-14-2009 8:02 AM
0 Kudos

go to SM21 ,give date range, there you can find the logs , double on the message which suggest user locked.. there you can find from which terminal it is happening..

Show replies
Show replies
Former Member
‎05-14-2009 7:48 AM
0 Kudos

Hi

check in SM66 in which application server user logged in or in AL08

from there go to SM50 ro SM04

cheers,

Sudhakar

Show replies
Show replies
Former Member
‎05-14-2009 7:48 AM
0 Kudos

Hi,

As of my knowledge you can find out by security audit log (tcode sm20)

go to sm20 and give the dates range and set select events to select to only critical and click on message filter and check -> Critical User &B Locked in Client &A After Erroneous Password and execute.

narsi

Show replies
Show replies
Ask a Question