How to get terminal name in SM20 audit log?
There is a user of 'System' type which was getting locked at regular intervals in my system through incorrect logon attempts (KRNL).
I tried to find the source RFC connection which was trying to log on with this user using incorrect credentials - using the SM20logs.
I checked all the parameters for this particular user and client in SM19 - Dynamic configuration filters, and distributed the filters to all servers.
Unlocked the user, and as expected, it got locked again within minutes.
Then I took a look a the SM20 logs, found the specific records for the RFC logon attempts, and the lock itself. However, there was nothing under the column 'Terminal'. Neither the terminal name, nor the IP address of the source was mentioned.
Am I doing something wrong here, or is there something else which would need to be activated to obtain the terminal name in the SM20 logs?
Thanks in advance,