01-10-2014 1:29 PM
Hi guys,
I am configure "Security Optimization Service Analysis" in solution manager.
In the report section 6.1.8 Security Audit Log is not active (0170) I get the next messages:
Evaluated Risk - High
Recommendation to customize the Security Audit Log.
Settings:
·,,Activate the profile parameter rsau/enable.
·,,Set the profile parameter rsau/selection_slots to its maximum value of 10.
·,,Activate the profile parameter rsau/user_selection
Filter:
·,,Use one filter to log critical events for all users in all clients.
·,,Use other filters to log everything for critical users such as SAP* and support users, including FireFighter users.
·,,Use the remaining filters to log events in special cases.
All settings of profile parameter and filter already exist.
For configuration used this link http://scn.sap.com/thread/3298688
Any body knows what else you need to configure that a report would not show the risks of paragraph 6.1.8?
01-10-2014 2:07 PM
Hi Mikhail
that topic looks perfect! If you've applied all settings , you just need to make SOS repeat the service collection data and the message should disappear
Regards
a
01-10-2014 2:40 PM
Hi Andrea,
I did collection data with trx st14
With these parameters:
- BS List personal data (N/Y) | Y
- BS List profiles (N/Y) | Y
- BS User for SAPNet R/3 Frontend | <SAP_UserID> - my s-user.
and send to my solman.
Also I did all steps in solman, but result the same.
01-10-2014 2:56 PM
weird
can you paste here screenshots of your static/dynamic config in sm19 and results of rsparam spool?
01-13-2014 10:21 AM
01-13-2014 10:37 AM
Hi Mikhail
Filter 3 is not properly configured
Preparing the Security Audit Log - System Security - SAP Library
Cheers
01-13-2014 2:17 PM
Hi Pavan,
In URL that you propose I can't find filters that i can configure .
Please explain why filter is not properly configured?
BR
01-13-2014 6:59 PM
Hi Mikhail
Click on edit button and click reset button...
then you can see the below
Cheers
Pavan m
01-16-2014 10:08 AM
Hi Pavan,
I recreate all filter as described this http://scn.sap.com/thread/3298688
And start security audit. Result the same: Security Audit Log is not active (0170).
May you have idea why system return this message.
01-10-2014 4:29 PM
01-13-2014 10:22 AM