You can look in transaction SM05 for active security sessions. Also in table SECURITY_CONTEXT you see all active X-CSRF-Tokens
I don't think that token generation is being logged somewhere
You can activate Gateway logging via /IWFND/TRACES however all requests are being logged not only the ones which require a Token. By default all modifying requests need a Token so maybe you can filter all non-GET's
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.