cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Audit Log file

Former Member

on ‎03-14-2008 5:58 AM

0 Kudos

Hi gurus,

We have activated security audit log.

In starting file name was

audit_yyyymmdd but the maximum file size was 10MB .

Now we increase the file size but the problem is its file name has changed to yyyymmdd000001.AUD.Which is unable to read from sm20.All the time we need to rename it to audit_yyyymmdd format then only it is able to read.

2nd problem is although we have made same changes on all App server and CI . The file size increase only in CI and not on App server.

Please suggest any other parameter.

Edited by: Shiv Chalke on Mar 14, 2008 6:58 AM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎03-14-2008 6:09 AM
0 Kudos

Hi,

check the application server system profile parameter rsau/max_diskspace/local (Maximum space for security audit file)

here you can set initial size of audit file size. in your case it is 10M you can change this parameter using RZ10 ( restart of SAP server required)

SM20 only read audit_yyyymmdd

check the file list using SM20 -> goto -> file list

regards,

kaushal

Show replies
Show replies
Former Member
‎03-17-2008 9:19 AM
0 Kudos

OK,

But what about the changes in file name?

How should i get it back to audit_yyyymmdd.?

Also can you tell me the value of the parameter?

Former Member
‎03-17-2008 9:41 AM
0 Kudos

Hi,

parameter for audit file name is FN_AUDIT

Valid file name for the operating system.

The name must include eight (8) '+' in sequence (which the system

substitutes with the current date) followed by (6) "#" (which the

system replaces with a sequential number).

in you case when you change the size of audit file it's became yyyymmdd000001.AUD

but FN_AUDIT parameter has value ++++++++.AUD so it's not readable.

regards,

kaushal

Edited by: kaushal malavia on Mar 17, 2008 3:12 PM

Former Member
‎03-17-2008 10:24 AM
0 Kudos

Shall i add parameter FN_AUDIT with value ++++++++000001.AUD?

It is giving me error.

File name FN_AUDIT 1 does not contain the character string &2

Do you still want to copy the parameter?

Former Member
‎03-17-2008 10:32 AM
0 Kudos

Hi,

you can not assign ++++++++000001.AUD to parameter FN_AUDIT

if you want to assign you can assign like ++++++++######.AUD

you can use the standard one also ++++++++.AUD , but yyyymmdd000001.AUD file is not readable from SM20

new audit file is generated with yyyymmdd.AUD

regards

kaushal

Edited by: kaushal malavia on Mar 17, 2008 4:03 PM

Former Member
‎03-17-2008 11:05 AM
0 Kudos

I made the chages.

Will get back to you once we give a restart.

Thanx a lot for your prompt responce.

Former Member
‎03-20-2008 10:20 AM
0 Kudos

Hi,

It worked in development.

The parameter and its values are:

FN_AUDIT ++++++++######.AUD

rsau/max_diskspace/per_file 15000000

rsau/max_diskspace/per_day 15000000

rsau/max_diskspace/local 15000000

rsau/enable 1

Can u suggest me the ratio of valus added to the parameter.

Former Member
‎03-20-2008 10:29 AM
0 Kudos

Hi,


Can u suggest me the ratio of valus added to the parameter

I did not get you can you explain in brief

rsau/max_diskspace/per_file 15000000

rsau/max_diskspace/per_day 15000000

rsau/max_diskspace/local 15000000

rsau/enable 1 -> you have to configure audit using SM19 otherwise it's not working

no need to change default value ( following are default value)

rsau/max_diskspace/per_file 0

rsau/max_diskspace/per_day 0

rsau/max_diskspace/local 0

rsau/enable 0

rsau/max_diskspace/local 20M for unicode system

regards,

kaushal

Former Member
‎03-26-2008 6:47 AM
0 Kudos

Hi,

FN_AUDIT ++++++++######.AUD

rsau/max_diskspace/per_file 15000000

rsau/max_diskspace/per_day 15000000

rsau/max_diskspace/local 15000000

rsau/enable 1

above are the parameters we have added and its respective values.Are these valus are correct or is there any dependancy of values ?

Issue is not with file reading.

We are able to fetch data from sm20.

Former Member
‎03-26-2008 6:51 AM
0 Kudos

Hi,

check Note 539404 - FAQ: Answers to questions about the Security Audit Log

your problem is solved please close this thread

regards,

kaushal

Ask a Question