Defining Filters

You define the events that the Security Audit Log should record in filters.

You can specify the following information in the filters:

  • User
  • SAP System client
  • Audit class (for example, dialog logon attempts or changes to user master records)
  • Weight of event (for example, critical or important)

For examples of filters, see Example Filters.

You can define filters that you save in static profiles in the database (see Maintaining Static Profiles) or you can define them dynamically for one or more application servers (see Changing Filters Dynamically).

Prerequisites

  • The number of filters you can specify is defined in the profile parameter
    • rsau/selection_slots.
  • You are either
    • defining static profiles or changing filters dynamically using the Security Audit Log configuration tool. For each allocated filter, a tabstrip appears in the lower section of the screen.

Procedure

  1. Select the tabstrip for the filter you want to define.
  2. Enter the Client and User names in the corresponding fields.

    3. You can use the wildcard (*) value to define the filter for all clients or users. However, a partially generic entry such as 0* or ABC* is not possible.

  3. Select the corresponding Audit classes for the events you want to audit.
  4. Audit events are divided into three categories, critical, important, and non-critical. Select the corresponding categories to audit.
    • Only critical
    • Important and critical
    • All
  1. If you want to define the events to audit more specifically:
    1. Choose Detailed configuration.

      2. A table appears containing a detailed list of the audit classes with their corresponding event classes (critical, severe, non-critical) and message texts. (The message texts correspond to the system log messages AU.)

    2. Select the events you want to audit. You can either:
      • Select a single event by activating the Recording indicator for a specific event.
      • Select all events for an entire audit class by choosing the audit class descriptor (for example, Dialog logon).
    1. Choose Accept changes.

The filter tabstrips reappear.

If you have made detailed settings, then the audit class and event class indicators no longer appear in the corresponding filter tabstrip. To cancel the detailed settings and reload the default configuration, choose Reset.

  1. To activate the filter, select the Filter active indicator.
  2. Continue with
    3. defining static profiles or changing filters dynamically.

Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

topics