Accessing SM20 logs of a different system

Detail

This document contains the procedure that needs to be followed to view the audit logs through SM20 in case you have changed the system name for some maintenance/upgrade activities and this system will be a temporary one and will be retired as soon as the tasks are finished. For example for a SPS implementation you we have renamed the SANDBOX ADX to ADT and we need to review the ADT logs from ADX.

Steps

Copy the .AUD file (Through OS level) from temp system to the system through which the SM20 logs to be viewed. I also recommend to copy in a different folder and avoid copying in to existing audit for not to overwrite the existing audit files.

Run transaction code SE38/SA38/SE80/SE90 or any other report execution t-codes
Use the report RSAU_SELECT_EVENTS
Provide the inputs as shown below (Please consider name of the audit file, date & time will change based requirement)

1 Comment

You must be Logged on to comment or reply to a post.

Former Member

November 29, 2017 at 9:29 am

Hi Praven,

We want to take this exported log's to our SIEM product but in .AUD file all logs comes with one line. Is there a configuration to divide this logs into different columns like below.

2AUW201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001RSBATCH_EXECUTE_PROZESS&                                                            
3FU1201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001RSBATCH_EXECUTE_PROZESS&RSSM_GET_TIME_INT&ashost=bwappprod2,sysn                    
2FU1201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001r=00,client=100,logon_screen=0

Thanks for help

Accessing SM20 logs of a different system

Assigned Tags