on 02-20-2010 5:10 AM
Hi,
Iam getting stad report for last one week,iam not getting the stad report for last month.i want to get stad report for particular day in last month.how to rectify the same.
Thanku
Hi,
Statistics files are written every hour. You can change the value of this parameter stat/max_files. This parameter specifies the Number of stat-Files which can be held at a time and its maximum value is 99. Means the last limit is 99 hours.
Please refer the following similar threads to get more detailed Information:
Also check this [useful Blog about STAD|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/5511] [original link is broken] [original link is broken] [original link is broken]; and SAP Note 139418 - Logging user actions.
Regards
Bhavik G. Shroff
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
set rsau/max_diskspace/local parameter with max value 2147483647 bytes.
Ensure that the location where the Audit Log file will be created, is having enough disk space. (default location is \usr\sap\<SID>\<instance_number>\log directory)
Specify the Deletion period of old SAP Security Audit Log file using SM18 (Security Audit-Reorganization) T-code.
Regards
Bhavik G. Shroff
hi,
Thanku,I configured below parametsrs in rz10.
rsau/local/file /usr/sap/LID/DVEBMGS00/log/
rsau/user_selection 1
rsau/selection_slots 3
rsau/max_diskspace/per_file 1048576
rsau/max_diskspace/per_day 3
rsau/max_diskspace/local 2147483647
rsau/enable 1
activated profile in sm19,still iam not getting audit log for last week in sm20.guide me for the same.
Thanku
Hi,
rsau/local/file /usr/sap/LID/DVEBMGS00/log/
???
you will have to set DIR_AUDIT parameter instead of it.
Set the following parameter with reference value:
Parameter Description Reference Value
DIR_AUDIT Directory for security audit files S:\ECP-AUDIT\ECP\DVEBMGS00\ECP_security_audit_log
FN_AUDIT Name of security audit file ECP_AUDIT_++++++++.AUD
rsau/enable Enable the Security Audit Log 1
rsau/max_diskspace/local Maximum space for security audit file 2147483647
rsau/max_diskspace/per_day Maximum size of all security audit files per day (If you wish, otherwise let it be default '0')
rsau/max_diskspace/per_file Maximum size of one single security audit file (If you wish, otherwise let it be default '0')
rsau/selection_slots Number of filters to allow for the Security Audit Log (If you wish, otherwise let it be default '2')
rsau/user_selection Defines the user selection method used inside kernel functions (If you wish, otherwise let it be default '0')
activated profile in sm19,still iam not getting audit log for last week in sm20.
After Proper setting of Security Audit log parameters, the Application Server needs to be restarted to make the changes effective. You will only get the Audit Data since the activation of valid Security Audit parameter.
Regards,
Bhavik G. Shroff
-->You can use ST03 or STAD to get it for one day.
-->ST03G to look at one user at a time for a month at a time.
You can increase retention time from the standard 1/2 days up to 4 days in order to be able to investigate a potential weekend problem.
No please do not use this.
It is *Not recommended to do that with STAD data...* Data would be way to large and way to detailed.
BUT , no worry's, SAP has this functionality build in: its called security audit log:
You can configure and activate the Security Audit Log (SM19) and then analyze its entries through SM20. You can configure exactly what needs to be tracked...
Useful transactions:
SM19 (config)
SM20 (analyze) (SM20N , depending on release)
SM18 (delete old logs)
Other SAP Note which is helpful in this case 539404 - FAQ: Answers to questions about the Security Audit Log
Let me know if usefull
Best regards,
Sanjeev Nagalikar.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.