Friday 23 August 2013

How to troubleshoot for SAP security log missing in SM20

When performing "SM20" audit log review and found that the users tcode activities were missing from the trace

A) Temporary (Trace will be turn off after server restart)

1) Execute "SM19"

2) Select the "DynamicConfiguration" tab -> Select "Configuration" -> Select "Activate audit"

3) Click "Yes"

4) The trace activated successfully

5) Log file created in "/usr/sap/QAS/DVEBMGS68/log" showing the trace was started

6) Sample of the trace

7) With this option the only limitation will be the trace will be turn off after server restart

B) Permanent (Trace will remain on after server restart)

1) Execute "SM19" and select the "Static Configuration" tab

2) Click "Environment" -> "Profile parameter"

3) Select parameter: "rsau/enable", value 0 = trace disable, value 1 = trace enable

4) Double click "rsau/enable" to show the explanation of the parameter

5) Execute "RZ10" to change the parameter, select the instance profile

6) Select "Extended maintenance" and click "display" button

7) Click "Create Parameter" button to insert the "rsau/enable=1"

9) Once profile added and activated, try restart the server and the log tracing will be still running.

No comments:

Post a Comment