Displaying the Audit Analysis Report

The Security Audit Log produces an audit analysis report that contains the audited activities. By using the audit analysis report you can analyze events that have occurred and have been recorded on a local server, a remote server, or all of the servers in the SAP System.

The audit analysis report produced by the Security Audit Log is designed analog to the System Log.

Procedure

  1. To access the Security Audit Log analysis screen from the SAP standard menu, choose Tools à Administration à Monitor à Security Audit Log à Analysis.
  2. The Security Audit Log: Local Analysis screen appears; local analysis is the default.

  3. If you want to analyze a remote server, choose Security Audit Log à Choose à Remote Audit Log. To analyze all servers, choose Security Audit Log à Choose à All audit logs.
  4. Your choice is displayed next to the Imported audit log entries field.

  5. If you choose to analyze a remote server, then enter the name of the application server in the Instance name field.
  6. Enter any restrictions you want to apply to the audit analysis report in the appropriate fields or by selecting the desired indicators (for example, From date/time, To date/time, User, Transaction, Audit classes, or Events to select).
  7. Events are classified into three categories, critical, important, and non-critical, with critical being the most important. You can view critical events only, critical and severe events, or all events.

  8. If you want to include or exclude specific messages from your report:
    1. Choose Edit à Expert mode.
    2. Choose Message filter.
    3. Select either Only these messages or All except these messages as appropriate.
    4. Enter the message numbers you want to include or exclude. (The message numbers correspond to the system log messages AU.)
    5. Choose Use.
  1. To modify the output format, change the options in the Format section. For more information, see
  2. The Audit Log Display Options.
  3. To read the Security Audit Log, choose one of the following options:
    • Choose Security Audit Log à Re-read audit log to initially read or to replace a previously read log.
    • Choose Security Audit Log à Re-display only to view the last audit log you read. For example, you can change the Selection options to modify the audit analysis report without having to re-read the log.
    • Choose Security Audit Log à Read audit log to merge new information using different selection criteria with the current information in the audit analysis report.

The Imported audit log entries field tells how many log entries the system has read from the log file. When you first enter the Audit Log: Analysis initial screen, this field is set to the value "0".

Sorting the Audit Log Display

To sort the audit analysis report, choose Security Audit log à Sort à .

The following sort options are available:

  • Write sequence
  • Time
  • Instance

Result

The result is the audit analysis report containing the messages that correspond to your selection criteria. By selecting an individual message, you can view more detailed information (see Reading the Audit Analysis Report).

No comments:

topics