Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Who was logged in last night?

Former Member

‎06-24-2008 10:31 AM

0 Kudos

This should be a simple question for you. Is there a transaction where I can see who was logged in last night between two time points? Something happened last night with some data that seem corrupt now. We would like to see whose fault that was. Thanks!

9 REPLIES 9

Bernhard_SAP
Advisor
Advisor

‎06-24-2008 10:34 AM

0 Kudos

Hi,

if you have enabled the security audit log (SM19) with the appropriate filters, that will be easy (check the result in SM20). You can also try TX STAD. I hope that helps.

b.rgds, bernhard

Former Member

‎06-24-2008 10:34 AM

0 Kudos

> I can see who was logged in last night between two time points?

Most likely a job step user by the sounds of it. Shouting at them and cutting their pay does not help...

Check the job log (SM37) and also the security audit log (SM20). The problem of missing data most likely left some dumpts behind (ST22) and possibly update terminations (SM13) which will tell you more.

Former Member

‎06-24-2008 11:13 AM

0 Kudos

Thanks! STAD helped so far, though this list is way too long What exactly does SM19 do? It is disabled here, should we give it a try? What´s the difference to STAD?

Bernhard_SAP
Advisor
Advisor
In response to Former Member

‎06-24-2008 11:38 AM

0 Kudos

Hi Peter,

regarding SM19, please refer to SAP note 139418.

b.rgds, Bernhard

Former Member
In response to Former Member

‎06-24-2008 12:23 PM

0 Kudos

> What exactly does SM19 do? It is disabled here, should we give it a try?

Activating SM19 will not bring back last night though. You will need to use other investigations.

If something happens during the night, the first thing I would check are batch jobs.

Cheers,

Julius

Former Member

‎06-24-2008 12:33 PM

0 Kudos

I have to correct the time to "6pm to 12pm" I have just spoken to an admin, there were no data broken but some important values have changed, like a stock number.

I will test sm19 for 24 hours and see what it can so. I created a new profile and added a filter, then activated it. Do I have to restart the system now or does it work right away?

Former Member
In response to Former Member

‎06-24-2008 12:48 PM

0 Kudos

If you use the dynamic profiles, then you do not need to restart the system. Only for the static profiles to take affect.

Cheers,

Julius

Former Member

‎06-24-2008 1:20 PM

0 Kudos

Great, it works Thanks!

Where can I find the logfile on the file system?

Former Member
In response to Former Member

‎06-24-2008 1:27 PM

0 Kudos

Depends on where you write them to But you normally read them from SM20.

Check the rsau/* params in RZ11 or open the menu in SM19. There are defaults, but you can change a number of the params for the Security Audit Log; these generally do require a restart though.

Cheers,

Julius

PS: Also see the sticky thread at the top of the forum. In the monitoring section there is a thread about monitoring and legal requirements which also contains more infos.

Edited by: Julius Bussche on Jun 24, 2008 12:28 PM