Skip to Content
Actions

Accessing SM20 logs of a different system

October 17, 2013 | 287 Views |
Follow

Detail

This document contains the procedure that needs to be followed to view the audit logs through SM20 in case you have changed the system name for some maintenance/upgrade activities and this system will be a temporary one and will be retired as soon as the tasks are finished. For example for a SPS implementation you we have renamed the SANDBOX ADX to ADT and we need to review the ADT logs from ADX.

Steps

  • Copy the  .AUD file (Through OS level) from temp system to the system through which the SM20 logs to be viewed. I also recommend to copy in a different folder and avoid copying in to existing audit for not to overwrite the existing audit files.
  • Run transaction code SE38/SA38/SE80/SE90 or any other report execution t-codes
  • Use the report RSAU_SELECT_EVENTS
  • Provide the inputs as shown below (Please consider name of the audit file, date & time will change based requirement)

     Audit Files.JPG

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Burak Ozgen

    Hi Praven,

     

    We want to take this exported log’s to our SIEM product but in .AUD file all logs comes with one line. Is there a configuration to divide this logs into different columns like below.

    2AUW201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001RSBATCH_EXECUTE_PROZESS&                                                            
3FU1201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001RSBATCH_EXECUTE_PROZESS&RSSM_GET_TIME_INT&ashost=bwappprod2,sysn                    
2FU1201711190000040***084000***3        RFC_BW_EHP                      RSBATCH_EXECUTE_PROZESS                 1001r=00,client=100,logon_screen=0

    Thanks for help

    (0) 

Leave a Reply