SM20 : IP/DNS address Terminal column

Former Member · ‎06-09-2009

Hi,

English not my main language sorry in advance.

I've set a Security Audit Log (SM19/SM20 and mofided my instance profile -> rsau/enable, rsau/local/file, rsau/max_diskspace/local, rsau/selection_slots)

All working well but when i check logs (sm20) the 'Terminal' of the user logged in/off with the SAPGUI from a windows workstation is the NETBIOS name (%COMPUTERNAME%) of his workstation instead of the IP/DNS address (on linux it's the local hostname - on redhat /etc/sysconfig/network) .Of course i don't have this problem when using web client.

So here my question : Is it possible on SAP to log IP/DNS address instead of NETBIOS name/hostname of a client using SAPGUI when using audit strategy ? If yes, what do i have to modify and where (client or server side)

We use : SAPGUI 7.10 (Windows version) and ECC6 server kernel 7.0

Thx in advance for the help

Frank_Buchholz · ‎07-02-2009

Hi,

unfortunatly there doesn't exist a switch for the Security Audit Log to choose the terminal id or the IP: If a terminal id is available then it is used, if not the IP is used. (On the other hand, transaction SM04 shows the IP of the GUI client as well - if you change the layout.)

Kind regards

Frank

sdipanjan · ‎07-02-2009

>

> unfortunatly there doesn't exist a switch for the Security Audit Log to choose the terminal id or the IP: If a terminal id is available then it is used, if not the IP is used. (On the other hand, transaction SM04 shows the IP of the GUI client as well - if you change the layout.)

>

hmm... also you can use the table USR41 can be used to to check the Terminal name for the last logon of users.

Regards,

Dipanjan

Frank_Buchholz · ‎07-02-2009

Hi Dipanjan,

a good point, because the table USR41 field TERMINAL contains the terminal id and the IP.

Kind regards

Frank

Former Member · ‎07-02-2009

If you have the terminal name and user name from the log and expect it to be the same (still), then you can also do a LAN ping to the "presentation server" (SAPGui) of the user.

I think the tcode is ST06 if I remember correctly.

In SM04 (on the same app server as the user) you can also try the menu to look at the Technical Information. This gives a lot of information and the IP address is there as well if I remember correctly.

These are "snap shots" at the current time. But still usefull.

Cheers,

Julius

Former Member · ‎07-03-2009

Thx for the tips.

SM04 and/or Table USR41 works great but only if user is connected. I don't have history.

I must be able to log login/ip address (and it seems not possible with audit log)

The only way i've found googling is to activate user exit in function EXIT_SAPLSUSF_001(module TH_USER_INFO and/or TERMINAL_ID_GET) to populate specific table

As i'm not an expert on SAP, i've understood it's something i have to code on ABAP but can't really know how to and where to do it.

If someone have already made it or can help making it ...

Best regards

Former Member · ‎07-22-2009

Hello,

I did not see an email address for the author, so I am using this public forum to ask - have you had further resolution yet on this?

I have a similar case where as an Auditor for my company, I find transactional logs easily but for Basis access and transactions on the system, sometimes we do not see what that "privileged user" is doing. Is SM19/SM20 Audit logging the only way to track this "privileged user" type of activity?

Thank you for your thoughts and comments.

Former Member · ‎07-22-2009

You can also take logs from Transcation SLG1 (Application logs)

Regards

Vikas