Hi all,

My name is Man-Ted Chan and I’m from the SAP HANA support  team. Today’s blog will be about SAP HANA auditing. Auditing is a feature in the SAP HANA database that allows admins to monitor and record actions performed to the SAP HANA system.

AUTHORIZATIONS

In order to activate and configure auditing the SAP user will need the following system privileges:

• AUDIT ADMIN

HOW TO ENABLE

1)      In the SAP HANA Studio expand the system on which you would like to enable auditing.

2)      Expand the ‘Security’ folder.

3)      Double click on the ‘Security option.’

4)      Click on the Auditing Status drop down menu; by default it will be ‘Disabled.’

5)      Select ‘Enabled.’

6)      Select your auditing type. There are 3 options:

a.       Syslog (Default) –  Uses the logging system  of the Linux OS

b.      CSV text file – Writes the audits as a CSV file in a user specified directory (in the example below it is /tmp/example). If the directory is left blank it will be written to the same directory the system trace files are written to

c.       Database Table – Audits are written to an internal table: AUDIT_LOG. In order to read from this table the user will need either the AUDIT ADMIN or AUDIT OPERATOR system privileges

7)      Click on the deploy button or press F8.

CREATING AN AUDIT POLICY

An audit policy defines the actions to be audited; in order to create an audit policy the user must have AUDIT ADMIN system rights.

1)      Click the green plus sign under the ‘Audit Polices’ panel.

2)      Enter in your policy name

3)      Click in the Audited actions field and then press the ‘…’

4)      The following popup will appear and users will select what actions they would like audited (in this example I will be auditing ‘CREATE ROLE’).

5)      Select when an audit record should be created in the ‘Audited actions status’ column.

a.       SUCCESSFUL – When an action is successfully executed it is logged

b.      UNSUCCESSFUL – When an action is unsuccessfully executed it is logged

c.       ALL – Both of the above situations are logged

6)      Select the audit level:

a.      EMERGENCY

b.      CRITICAL

c.      ALERT

d.      WARNING

e.      INFO (default)

7)      If needed, you can filter the users you would like to audit. Under the users column you can press the ‘…’ button,

and the following popup will appear:

8)      You can also specify the target object(s) to be audited. This option is valid if the actions to be audited involve SELECT, INSERT, UPDATE, DELETE.

9)      Once done press the deploy button or press F8 (please note that in the image below the Directory name is filled in, but it is not editable because the ‘Audit Trail Target’ is Database Table).

EXAMPLE OUTPUT
Database table example:

CSV example:

SYSLOG example:

DELETING THE AUDIT POLICY

To delete a create audit select it and press the red x.

The following popup will appear:

Once you hit OK press F8 or the execute button again.