Solved: usage of SM18, SM19, SM20

Former Member · ‎03-28-2007

please explain the usage of transaction codes SM18, SM19, SM20 in SAP, for audit.

Regards

Puneet

RainerKunert · ‎03-30-2007

Hi all,

try also transaction SM20N. It is similar to SM20 but offers advanced selection options.

Former Member · ‎03-28-2007

Hi Puneet,

These transactions are for Security administration.

SM20 - Security Administrator run this report periodically to get the details of 'Failed logons' of the users in the Production system and investigate the causes.

Apart from that other details e.g.Failed transations,users running the critical reports etc can also be obtained.

SM18 - to delete old Security logs.

SM19 - Audit Profile can be maintained.Go to 'Detailed Display',you can see the various Events correspond to their criticality.

<removed_by_moderator>

Thanks,

sAmik.

Message was edited by:

Samik Sarkar

Edited by: Julius Bussche on May 27, 2008 11:14 AM

Former Member · ‎03-28-2007

Hi Puneet,

Transactions SM18, SM19, SM20 deals with security Audit Log.

SM18

To archieve or delete old audit log files

SM19

you can configure the Static/Dynamic fileters here.

The system administrator or security administrator defines the events you

want to audit in filters. Filters consist of the following information:

. Client

. User

. Auditclass

. Weight of events to audit

The audit class returns information about the following:

. Dialog logon

. RFC/CPIClogon

. Remotefunctioncall(RFC)

. Transaction start

. Reportstart

. User master change

You can specify the weight of events to audit:

. Audit only critical

. Audit important and critical

. Auditallevents

SM20

SM20 to assess the security audit log.

Soppose if you wanted to find out the transaction run by a perticular user in certain period, You can get this information in SU20.

Please visite:

http://help.sap.com/saphelp_46c/helpdata/en/95/d2a8e96d6611d1a5700000e835363f/frameset.htm

Hope it helps.

<removed_by_moderator>

Thanks & Regards,

Santosh

Edited by: Julius Bussche on May 27, 2008 11:15 AM

Former Member · ‎03-28-2007

Check the below link which explains all about Auditing and logging in SAP.

http://help.sap.com/saphelp_nw04s/helpdata/en/8a/a8b5386f64b555e10000009b38f8cf/frameset.htm

Hope it helps.

Br

Sri

<removed_by_moderator>

Edited by: Julius Bussche on May 27, 2008 11:15 AM

Former Member · ‎03-28-2007

Review the following document from SAP.

It has what need in one nice PDF.

<a href="http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCCSTADM/BCCSTSAL.pdf">Audit Log pdf</a>

Cheers,

Ben

RainerKunert · ‎03-30-2007

Hi all,

try also transaction SM20N. It is similar to SM20 but offers advanced selection options.

Former Member · ‎04-24-2007

Hi all, i would like to tag on this thread to ask on SM19. If i wanted to define only 3 users to log, does it mean i have to go to sm19 3 times? Currently in the function i can only choose to log either 1 person or put an '*' which i assume means all.

Cheers!

Former Member · ‎04-24-2007

Try if you could create a VARIANT for selected users.

Regards,

Sudhan Shan

RainerKunert · ‎04-24-2007

Hi,

if you want to log only 3 users you have to create 3 filters. May be you can use a generic filter (for example user* or *user). For generic filters you have to set the system profile parameter rsau/generic_users to 1.

Regards

Rainer

Former Member · ‎11-08-2007

Continuing on the same topic, I tried accessing the logs for SM20. all i got is "No Aduit files" message, is this because the Audit log was not turned on? Or is there any other reason for the same.

Former Member · ‎05-27-2008

Hello,

you need to create audit log parameters by using SM19

Former Member · ‎07-09-2008

Hi all,

I would like to know why after activated a filter in static configuration, when I read the report in SM20, I have to give one more time the details on the audit I want.

Moreover, the parameter rsau/local/file is missing in RZ11. Is it normal?

Thanks for responding