06-20-2007 5:36 PM
Dear experts,
how to put full fludged trace on enduser activity.
that is i want to do the following activity:-
*i should know the end user activity. (login details and T-codes accessed by users)
*should know the changes made by the users.
*i need to collect all these in the form of logs, so that i can archive it to network.
and wht kind of security is best preffered by audit people.
i request you all to give some valuable inputs on these questions.
thanking you all
best regards
Raghav
06-20-2007 5:42 PM
Noothangi,
Turn on the Security Audit Log--transaction SM19.
http://help.sap.com/saphelp_nw04s/helpdata/en/2c/c59d37d373243de10000009b38f8cf/frameset.htm
This will show you logon times, tcodes, reports ect.
It will not show you all changes they make in the system. For specific changes you will need to took at the change log tables for the given tcodes they may be running--if applicable.
Cheers,
Ben
06-20-2007 5:42 PM
Noothangi,
Turn on the Security Audit Log--transaction SM19.
http://help.sap.com/saphelp_nw04s/helpdata/en/2c/c59d37d373243de10000009b38f8cf/frameset.htm
This will show you logon times, tcodes, reports ect.
It will not show you all changes they make in the system. For specific changes you will need to took at the change log tables for the given tcodes they may be running--if applicable.
Cheers,
Ben
06-21-2007 8:08 AM
06-20-2007 8:13 PM
Hi noothangi,
Transactions SM18, SM19, SM20 deals with security Audit Log.
SM18
To archieve or delete old audit log files
SM19
you can configure the Static/Dynamic fileters here.
The system administrator or security administrator defines the events you
want to audit in filters. Filters consist of the following information:
. Client
. User
. Auditclass
. Weight of events to audit
The audit class returns information about the following:
. Dialog logon
. RFC/CPIClogon
. Remotefunctioncall(RFC)
. Transaction start
. Reportstart
. User master change
You can specify the weight of events to audit:
. Audit only critical
. Audit important and critical
. Auditallevents
SM20
SM20 to assess the security audit log.
Soppose if you wanted to find out the transaction run by a perticular user in certain period, You can get this information in SU20.
Please visite:
http://help.sap.com/saphelp_46c/helpdata/en/95/d2a8e96d6611d1a5700000e835363f/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/8a/a8b5386f64b555e10000009b38f8cf/frameset.htm
The above matter is from the below post.
Cheers
Soma
06-21-2007 8:10 AM
Hi soma,
your information is very helpfull to me.
thanks for your valuable inputs.
after doing some ground work, i'll get back to you with few more doubts.
thanking you.
by
raghav
06-21-2007 1:17 PM