cancel
Showing results for 
Search instead for 
Did you mean: 

SM20 report shows empty result

Former Member
0 Kudos

Hi All,

Issue in Audit sm20:

one of the account with special privileges which was set open for doing changes directly in production for a limited time.

When i tried to run an SM20 report to list the actions I did but I get an empty result.Where as able to get other information except that particular user.

Findings:

1.Able to identify transaction used in st03 for that user.

2, logs were returned on that particular date.

3.cheked in sm19 all activities were active.

4.all related parameters were set accordingly.

PLease help me out in finding out the result and to solve the issue

Accepted Solutions (1)

Accepted Solutions (1)

nelis
Active Contributor

4.all related parameters were set accordingly.

Are you sure you had rsau/enable = 1 on all of your application servers ? Also, you can activate table auditing using parameter rec/client and then enable logging for specific tables requiring it(should only be done on small tables). Table T000(SCC4) has logging enabled by default when table auditing is activated.

Nelis

Former Member
0 Kudos

Hi Neils,

Thank you for the inputs.

Mentioned parameter is set to 1 and also rec/client=All.

Any other options to identify the cause.

nelis
Active Contributor
0 Kudos

With table auditing enabled you can check in SCC4 -> Utilities -> Change Logs to see who opened the system for changes. The other thing to check is the size of your audit logs for storing data with parameter rsau/max_diskspace_local ...It may be set too small to capture all information(default is 10MB). Otherwise, I have no idea.

Nelis

volker_borowski2
Active Contributor
0 Kudos

>

> Hi Neils,

>

> Thank you for the inputs.

>

> Mentioned parameter is set to 1 and also rec/client=All.

>

> Any other options to identify the cause.

Hi,

rec/client has nothing to do with SM19/SM20.

It enables the system to log a very bare version of changelogs

for tables tagged in SE13 to do so and is only intended to be used

for customizing tables. The changelogs are stored in table

DBTABLOG / DBTABPRT (depending on release).

You can list these changes with report RSTBHIST.

Volker

Answers (1)

Answers (1)

Former Member
0 Kudos

> When i tried to run an SM20 report to list the actions I did but I get an empty result.Where as able to get other information except that particular user.

>

--> I believe you were able to view other users' activities during the same time, but specifically not for one user ?

In case there are many instances in your SAP system, could you check for all instances individually from SM20 ?

Also Security Audit logs cease to write when the audit log max size is achieved / quota for the day is done. Even this is instance specific and hence you need to verify this for the instance to which user logged on.

There are also occurances of Audit logs not being written owing to product error. Could you go through the following SAP Notes , in case the SAP release mentioned in the notes match with that of yours ?

-


SAP Note 763159 - Security Audit Log: some transaction starts not audited

SAP Note 710138 - Security Audit Log: Transactions are not recorded (3)

SAP Note 317883 - SecAudit: Transactions are not recorded

SAP Note 483953 - Security Audit Log: AU9 and AUA events are not recorded

SAP Note 840798 - SecAudit: Transaction code sometimes missing

-


cheers !

PRADi