- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Security Audit Log Not Recording all Transactions
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Security Audit Log Not Recording all Transactions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2007 6:01 PM
Hi all,
We have our security audit log set up in our SAP R/3 development system. However, for some reason not all executed transactions are being recorded. Out of the following transactions that I tested only ME21N & FSS0 are being logged:
SCC1
RZ11
PA20
SM20N
MM01
ME21N
FSS0
Below is a sample output of the log:
Transaction Code Program Security Audit Log message text
SESSION_MANAGER SAPMSYST Logon Successful (Type=A)
SESSION_MANAGER RSRZLLG0 Report RSRZLLG0 Started
SESSION_MANAGER RSRZLLG0_ACTUAL Report RSRZLLG0_ACTUAL Started
ME21N RM_MEPO_GUI Report RM_MEPO_GUI Started
FSS0 SAPGL_ACCOUNT_MASTER_START Report SAPGL_ACCOUNT_MASTER_START Started
User Logoff
Does anyone know any reason for this or has anyone come across this before?
Thanks,
Bernard.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2007 10:22 PM
John,
I assume you are running SM20 to read the Audit Log. Audit Log is kept by Application Server, by default, it only read the Audit Log of the App Server you login to. So if you have multiple App Servers, you need to check the option to read the log from all remote server. The menu path is a bit different based on your SAP version. Play around, you will see the option.
And for certain t-codes (SE38) it will list the ABAP program name instead of the t-codes.
Hope this help.
Lye
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2007 2:24 PM
Hi Lye,
Using SM20N to read the Audit Log but this is the same as SM20 I am sure. In SM19 I have selected all Audit Classes to be recorded and when i activated the Dynamic Config I distributed to all servers, but it is strange why some t-codes are being recorded. We only have one app server in our DEV environment so i dont think this is the cause.
Any more ideas?
Thanks,
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2007 7:27 PM
Never had the problem you described. That is why I assume initially that you are not reading from all app servers.
The other possibility I can think of is delay in commit to the db for the log, but this is pretty remote.
Run the test again, and check the timeline to see if the log correspond to your test. According to your setting, all t-codes should be recorded, I used the Audit Log quite extensively on my last project in PRD systems, I can always cross reference between logs from SM20, SM22 & ST01.
If you can duplicate the error, you will need to open an OSS ticket.
Good luck.
Lye
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2007 11:30 AM
It appears that we had to implement note 710138 to fix this and now it works!
- SAP Managed Tags:
- Security
