How to Set Up SAP HANA Audit Trace (Quick Start)
There is a great document on HANA auditing, http://scn.sap.com/docs/DOC-51098, which explains all the details.
This document shows how easy it is to set up auditing in HANA.
You need the authorization (system privilege) AUDIT ADMIN.
In SAP HANA Administration, go to the Security node.
Here you first have to activate the auditing feature globally. The same can be done in global.ini, section "auditing configuration", or with SQL:
ALTER SYSTEM ALTER CONFIGURATION ('global.ini','SYSTEM') SET ('auditing configuration','global_auditing_state') = 'true' WITH RECONFIGURE;
Select the log file destination (the default is the HANA table, CSTABLE); see http://scn.sap.com/docs/DOC-51098 for details.
Create audit policies here (using the green + button) or use SQL statements to do the same. The DROP statements make each block re-runnable; on the first run they return an error because the policy does not exist yet.
* Policy to Monitor assignments of Privileges/Roles etc (CRITICAL)
DROP AUDIT POLICY Z_USER;
CREATE AUDIT POLICY Z_USER AUDITING ALL GRANT PRIVILEGE, REVOKE PRIVILEGE, GRANT ROLE, REVOKE ROLE LEVEL CRITICAL;
ALTER AUDIT POLICY Z_USER ENABLE;
* Policy to Monitor unsuccessful Logins (WARNING)
DROP AUDIT POLICY Z_CONNECT_UNSUCCESSFUL;
CREATE AUDIT POLICY Z_CONNECT_UNSUCCESSFUL AUDITING unsuccessful CONNECT LEVEL WARNING;
ALTER AUDIT POLICY Z_CONNECT_UNSUCCESSFUL ENABLE;
* Policy to Monitor successful Logins (INFO)
DROP AUDIT POLICY Z_CONNECT_SUCCESSFUL;
CREATE AUDIT POLICY Z_CONNECT_SUCCESSFUL AUDITING successful CONNECT LEVEL INFO;
ALTER AUDIT POLICY Z_CONNECT_SUCCESSFUL ENABLE;
* Policy to Monitor ALL Actions with user SYSTEM (INFO)
DROP AUDIT POLICY Z_SYSTEM;
CREATE AUDIT POLICY Z_SYSTEM AUDITING ALL ACTIONS FOR SYSTEM LEVEL INFO;
ALTER AUDIT POLICY Z_SYSTEM ENABLE;
* Policy to Monitor ALTER USER commands with SYSTEM (CRITICAL)
DROP AUDIT POLICY Z_SYSTEM_ALTER;
CREATE AUDIT POLICY Z_SYSTEM_ALTER AUDITING ALL ALTER USER FOR SYSTEM LEVEL CRITICAL;
ALTER AUDIT POLICY Z_SYSTEM_ALTER ENABLE;
* Policy to find unsuccessful Logons with SYSTEM User (CRITICAL)
DROP AUDIT POLICY Z_SYSTEM_UNSUCCESSFUL_LOGON;
CREATE AUDIT POLICY Z_SYSTEM_UNSUCCESSFUL_LOGON AUDITING unsuccessful CONNECT FOR SYSTEM LEVEL CRITICAL;
ALTER AUDIT POLICY Z_SYSTEM_UNSUCCESSFUL_LOGON ENABLE;
* Example Policy for Selects on specific table or schema
DROP AUDIT POLICY Z_OBJECT_AUDIT;
CREATE AUDIT POLICY Z_OBJECT_AUDIT AUDITING successful SELECT ON M2MEVAL.* LEVEL INFO;
ALTER AUDIT POLICY Z_OBJECT_AUDIT ENABLE;
How to reorganize the audit log:
Use the red icon at the top right to truncate old records.
How to show the AUDIT_LOG entries:
Use SQL or the Data Browser on the public synonym AUDIT_LOG.
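As an added example (not part of the original post), the queries below check that the Z_* policies created above are active and then read their entries from AUDIT_LOG. They assume the audit trail target is the database table (CSTABLE) and use the column names of the AUDIT_POLICIES and AUDIT_LOG system views; the time windows and the threshold of 5 are constructed values to adapt.

```sql
-- 1) Confirm the policies exist and are enabled.
--    A policy with several audited actions appears as one row per action.
SELECT AUDIT_POLICY_NAME,
       EVENT_ACTION,
       EVENT_STATUS,
       EVENT_LEVEL,
       IS_AUDIT_POLICY_ACTIVE
  FROM AUDIT_POLICIES
 WHERE AUDIT_POLICY_NAME LIKE 'Z%'
 ORDER BY AUDIT_POLICY_NAME, EVENT_ACTION;

-- 2) Review CRITICAL events of the last 7 days (assumed window):
--    privilege/role changes, ALTER USER by SYSTEM, failed SYSTEM logons.
SELECT "TIMESTAMP",
       AUDIT_POLICY_NAME,
       USER_NAME,
       CLIENT_IP,
       EVENT_ACTION,
       EVENT_STATUS,
       STATEMENT_STRING
  FROM AUDIT_LOG
 WHERE EVENT_LEVEL = 'CRITICAL'
   AND "TIMESTAMP" >= ADD_DAYS(CURRENT_TIMESTAMP, -7)
 ORDER BY "TIMESTAMP" DESC;

-- 3) Summarize failed logons recorded by Z_CONNECT_UNSUCCESSFUL in the
--    last 24 hours, per user and client address. Repeated failures from
--    one address against one user are worth a closer look.
SELECT USER_NAME,
       CLIENT_IP,
       COUNT(*)         AS FAILED_LOGONS,
       MIN("TIMESTAMP") AS FIRST_SEEN,
       MAX("TIMESTAMP") AS LAST_SEEN
  FROM AUDIT_LOG
 WHERE AUDIT_POLICY_NAME = 'Z_CONNECT_UNSUCCESSFUL'
   AND "TIMESTAMP" >= ADD_DAYS(CURRENT_TIMESTAMP, -1)
 GROUP BY USER_NAME, CLIENT_IP
HAVING COUNT(*) >= 5   -- constructed threshold
 ORDER BY FAILED_LOGONS DESC;
```

If the audit trail target is set to something other than the database table, these queries return no rows even though auditing is active.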
Wonderful!
It is very good. Can you send some recommendation by SAP for setting the audit trail target to database table over .CSV file system?