SM21 logs and 9 months retention period?
I have been asked to extend the availability of the SM21 logs to 9 months. I have estimated that each file would then be something like 500GB and we have 10 application instances. A security compliance officer here wants to look for "interesting" things in them but I am very reluctant to make the changes needed as I fear what will happen when he does a global read from all files at the same time with such huge files.
What is the SAP best practice for the SM21 logs?
How do you handle requests like this?
I would really appreciate some input on this topic.
Divyanshu Srivastava replied
1st of all - Nine months of data in such cases would eat up lots of CPUs, I/O and memory .
However, reading should be easy if filters are used smartly. You cannot load a 500 gig file for reading. Also, the sum of all files should be 500 gigs per application server, so 500 gig is already segregated at OS level. All is need to do the same from SAP level using filters.
If your officer is still not concerned with after-effects, give him the access in non-business hours.
For rest, Deepak has already answered your query,