
How to check the IP / terminal name that tried to log in?

Former Member
0 Kudos

Hi,

My system will lock an ID after 3 failed login attempts. If there is one ID that always gets locked, but the failed login attempts were not made by the owner, how do we check which IP or terminal is trying to access that ID and causing it to be locked?

I suspect other users are being playful and entering wrong passwords to purposely lock the ID. How do I catch the culprit?

I did try to use STAD to capture the activity; the log has a record that there was a failed logon, but it didn't show the Terminal ID.

Comments and advice will be appreciated.

thanks.

Regards,

kent

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

forced to make it answered

Former Member
0 Kudos

Hello,

First you activate the security audit log in SM19; after that you can analyze the security audit log in SM20N.

Regards,

Maheshwer.p

Former Member
0 Kudos

Hi Maheshwer,

This is a good idea also, but I can only activate the audit log after the user has complained that his/her ID is locked.

I did try to activate a profile in SM19; after the activation it says

"Audit profile TESTING2 activated for next system start". Does it mean I need to restart the SAP system to make it active?

thanks.

regards,

kent

JPReyes
Active Contributor
0 Kudos

In SM19 the second tab is for Dynamic Configuration... from there you can enable and disable the audit without restarting the system.

Regards

Juan

Former Member
0 Kudos

Hi Juan,

I see. So to analyze the log, use tcode SM20N?

thanks.

regards,

kent

JPReyes
Active Contributor
0 Kudos

SM20 or SM20N...

If you have multiple DIs, choose them all... or in SM20 click on Security Audit log -> choose -> All Audit logs

Regards

Juan

Former Member
0 Kudos

Hi Kent. The simple way: go to SM21 and check by date, find an entry like this: "User TEST locked due to incorrect logon", press on this field, and you can see the terminal name. Regards. Award if helpful.

JPReyes
Active Contributor
0 Kudos

Yeah... that will work too...

Juan
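
Once the audit log discussed in this thread is active and has captured a lock, the failed logons can be grouped by terminal for each lock event. The script below is an added example, not part of any post above: it assumes the SM20 list has been saved as tab-separated text with the hypothetical columns Date, Time, User, Terminal and MsgID, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Security Audit Log message IDs: logon successful, logon failed, user locked
# after failed password checks. Confirm them against your own release.
LOGON_OK, LOGON_FAILED, USER_LOCKED = "AU1", "AU2", "AUM"

# Constructed sample, not real log data. The tab-separated layout and the
# column names are assumptions; map them to what your saved list contains.
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in [
    ("Date", "Time", "User", "Terminal", "MsgID"),
    ("2024-03-04", "08:01:10", "TEST", "PC-HR-12", "AU1"),
    ("2024-03-04", "09:15:02", "TEST", "PC-FIN-07", "AU2"),
    ("2024-03-04", "09:15:20", "OTHER", "PC-OPS-03", "AU2"),
    ("2024-03-04", "09:15:31", "TEST", "PC-FIN-07", "AU2"),
    ("2024-03-04", "09:15:44", "TEST", "PC-FIN-07", "AU2"),
    ("2024-03-04", "09:15:45", "TEST", "PC-FIN-07", "AUM"),
    ("2024-03-06", "14:20:00", "TEST", "PC-HR-12", "AU2"),
    ("2024-03-06", "14:21:00", "TEST", "PC-FIN-07", "AU2"),
    ("2024-03-06", "14:22:05", "TEST", "PC-FIN-07", "AU2"),
    ("2024-03-06", "14:22:10", "TEST", "PC-FIN-07", "AUM"),
])


def terminals_behind_locks(export_text, user):
    """For each lock of `user`, count the failed logons per terminal before it."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t")
    # Keep only the affected user and put the events in chronological order.
    rows = sorted((r for r in reader if r["User"] == user),
                  key=lambda r: (r["Date"], r["Time"]))
    locks, pending = [], Counter()
    for r in rows:
        if r["MsgID"] == LOGON_FAILED:
            pending[r["Terminal"]] += 1
        elif r["MsgID"] == LOGON_OK:
            pending.clear()  # a successful logon resets the failed-attempt count
        elif r["MsgID"] == USER_LOCKED:
            locks.append((f'{r["Date"]} {r["Time"]}', dict(pending)))
            pending.clear()
    return locks


if __name__ == "__main__":
    for when, terminals in terminals_behind_locks(SAMPLE_EXPORT, "TEST"):
        print(when, terminals)
```

A terminal that accounts for most of the failures across several locks, and that is not the owner's usual workstation, is the one to follow up on.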