You specify the information you want to audit in filters that you can either:
- Create and save permanently in the database in static profiles.
- Change dynamically on one or more application servers.
If you use this option, all of the application servers use identical filters for determining which events should be recorded in the audit log. You only have to define filters once for all application servers.
You can also define several different profiles that you can alternatively activate.
With this option, you can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers.
This topic concentrates on permanently saving filters in static profiles in the database. For information on changing the filters dynamically, see Changing Filters Dynamically.
Filters saved in static profiles take effect at the next application server start.
Prerequisites
The following profile parameters must be set:
Audit Log Profile Parameters
Profile Parameter | Description |
rsau/enable | Enable the Security Audit Log |
rsau/local/file | Names and locations of the audit files |
rsau/max_diskspace/local | Maximum space to allocate for the audit files |
rsau/selection_slots | Number of filters to allow for the Security Audit Log |
Procedure
- To access the Security Audit Log configuration screen from the SAP standard menu, choose Tools à Administration ® Monitor ® Security Audit Log ® Configuration.
- Enter the name of the profile to maintain in the Displayed profile field.
- If you are creating a new audit profile, choose Profile ® Create. To change an existing profile, choose Profile ® Display <-> Change.
- Make sure the Filter active indicator is set for each of the filters you want to apply to your audit.
- Save the data.
- To activate the profile, choose Profile à Activate.
- Shut down and restart the application server to make the changes effective.
The Security Audit: Administer Audit Profile screen appears with the Static configuration tabstrip activated. If an active profile already exists, it is displayed in the Active profile field.
To display an existing profile before changing it, choose Profile ® Display.
The lower section of the screen contains tabstrips for defining filters. The number of tabstrips correspond to the value of the profile parameter rsau/selection_slots . Within each tabstrip, you define a single filter.
Result
The filters you define are saved in the audit profile. If you activate the profile and restart the application server, actions that match any of the active filter events are then recorded in the Security Audit Log.
On some UNIX platforms, you also need to clear shared memory by explicitly executing the program cleanipc . Otherwise, the old configuration remains in shared memory and the changes to the static profile do not take effect.
No comments:
Post a Comment