Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Audit Log is not active (0170)

Former Member

‎01-10-2014 1:29 PM

0 Kudos

Hi guys,

I am configure "Security Optimization Service Analysis" in solution manager.

In the report section 6.1.8 Security Audit Log is not active (0170) I get the next messages:

Evaluated Risk - High

Recommendation to customize the Security Audit Log.

Settings:

·,,Activate the profile parameter rsau/enable.

·,,Set the profile parameter rsau/selection_slots to its maximum value of 10.

·,,Activate the profile parameter rsau/user_selection

Filter:

·,,Use one filter to log critical events for all users in all clients.

·,,Use other filters to log everything for critical users such as SAP* and support users, including FireFighter users.

·,,Use the remaining filters to log events in special cases.

All settings of profile parameter and filter already exist.

For configuration used this link http://scn.sap.com/thread/3298688

Any body knows what else you need to configure  that a report would not show the risks of paragraph 6.1.8?

10 REPLIES 10

Former Member

‎01-10-2014 2:07 PM

0 Kudos

Hi Mikhail

that topic looks perfect! If you've applied all settings , you just need to make SOS repeat the service collection data and the message should disappear

Regards

a

Former Member
In response to Former Member

‎01-10-2014 2:40 PM

0 Kudos

Hi Andrea,

I did collection data with trx st14

With these parameters:

- BS List personal data (N/Y) | Y

- BS List profiles (N/Y) | Y

- BS User for SAPNet R/3 Frontend | <SAP_UserID> - my s-user.

and send to my solman.

Also I did all steps in solman, but result the same.

Former Member
In response to Former Member

‎01-10-2014 2:56 PM

0 Kudos

weird

can you paste here screenshots of your static/dynamic config in sm19 and results of rsparam spool?

Former Member
In response to Former Member

‎01-13-2014 10:21 AM

0 Kudos

Hi Andrea

rsparam:

rsau/enable1
rsau/selection_slots10
rsau/user_selection

1

Preview file
30 KB
Preview file
18 KB

Former Member
In response to Former Member

‎01-13-2014 10:37 AM

0 Kudos

Hi Mikhail

Filter 3 is not properly configured


Preparing the Security Audit Log - System Security - SAP Library

Cheers

Former Member
In response to Former Member

‎01-13-2014 2:17 PM

0 Kudos

Hi Pavan,

In URL that you propose I can't find filters that i can configure .

Please explain why filter is not properly configured?

BR

Former Member
In response to Former Member

‎01-13-2014 6:59 PM

0 Kudos

Hi Mikhail

Click on edit button and click reset button...

then you can see the below

Cheers

Pavan m

Preview file
29 KB
Preview file
18 KB

Former Member
In response to Former Member

‎01-16-2014 10:08 AM

0 Kudos

Hi Pavan,

I recreate all filter as described this http://scn.sap.com/thread/3298688

And start security audit. Result the same: Security Audit Log is not active (0170).

May you have idea why system return this message.

Preview file
6 KB
Preview file
12 KB
Preview file
13 KB
Preview file
12 KB
Preview file
13 KB

Former Member

‎01-10-2014 4:29 PM

0 Kudos

Hi Mikhail

Did u activate the profile (CTRL+F3) ??

Cheers

Former Member
In response to Former Member

‎01-13-2014 10:22 AM

0 Kudos

Hi Pavan,

All profile activated.

BR