Security Audit Log (SAL): Big Endian versus Little Endian (or not)
Imagine the scenario where your system was migrated from one server to another. The OS used was changed. In order to keep SAL data, you have moved SAL files from the original system to the new system. However, you have no results in your SM20 reports. What happened? How to resolve this issue?
Big versus Little?
Usually the code page of the server has changed. You may also have moved from a big endian system to a little endian one, from your favorite Unix flavor to your favorite Linux flavor (or vice versa). You can read more about what “endian” means in SAP note 552464.
You can use transaction code I18N to view the current internationalization system configuration:
Then you can find the code page of your system. In my test system, it is 4103 (Windows Server).
My source system has code page 4102 (AIX). Yes, you need to check the I18N system configuration in both systems, so you have the correct code pages.
The issue: moving one SAL file from the source system to the new system, and reading the file via report RSAU_SELECT_EVENTS shows:
The file size is more than 20 Megabytes and no entry found? Who would think that a simple code page change would cause such an effect!
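Code pages 4102 and 4103 are UTF-16 big endian and UTF-16 little endian, so a file written under one and read under the other decodes to unrelated characters. The Python below is an added example (not from the original post and not SAP code): it guesses a file's code page from where its zero bytes sit and shows the effect of the mismatch. The function names and the sample line are constructed for illustration, and the sample is not a real SAL record.

```python
# SAP code page -> Python codec (4102 = UTF-16 big endian, 4103 = UTF-16 little endian)
SAP_CODEPAGES = {"4102": "utf-16-be", "4103": "utf-16-le"}

def guess_sap_codepage(data: bytes, sample: int = 4096) -> str:
    """Guess 4102 vs 4103 from the position of zero bytes.

    Audit text is mostly ASCII, so every UTF-16 code unit carries one zero
    byte: the first byte for big endian, the second for little endian.
    """
    chunk = data[: sample - sample % 2]
    even_zeros = chunk[0::2].count(0)
    odd_zeros = chunk[1::2].count(0)
    if even_zeros == odd_zeros:
        raise ValueError("byte order is ambiguous; file may not be UTF-16")
    return "4102" if even_zeros > odd_zeros else "4103"

def ascii_ratio(data: bytes, codepage: str) -> float:
    """Share of characters that are printable ASCII when read as `codepage`."""
    text = data.decode(SAP_CODEPAGES[codepage], errors="replace")
    return sum(32 <= ord(c) < 127 for c in text) / max(len(text), 1)

def convert(data: bytes, source_cp: str, target_cp: str) -> bytes:
    """Re-encode between the two code pages; fails loudly on damaged input."""
    if len(data) % 2:
        raise ValueError("odd byte count: truncated or not UTF-16")
    text = data.decode(SAP_CODEPAGES[source_cp], errors="strict")
    return text.encode(SAP_CODEPAGES[target_cp])

# Constructed sample line (not a real SAL record), as a 4102 system would store it
SAMPLE_4102 = "AU1 20240101 120000 logon successful user=DEMO".encode("utf-16-be")

if __name__ == "__main__":
    print("detected code page:", guess_sap_codepage(SAMPLE_4102))
    print("readable as 4102  :", ascii_ratio(SAMPLE_4102, "4102"))
    print("readable as 4103  :", ascii_ratio(SAMPLE_4102, "4103"))
    fixed = convert(SAMPLE_4102, "4102", "4103")
    print("after conversion  :", guess_sap_codepage(fixed), ascii_ratio(fixed, "4103"))
```

Run a check like this on a copy of the audit file, never on the original, so the evidence stays untouched.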
How to resolve the issue?
The short version: file conversion.
The long version: use report RSCP_CONVERT_FILE. It lets you specify the source and target code pages and the location of the files.
Note that you need to specify one file that contains the list of files that should be converted.
My file “list.txt” holds the list of files that I want to convert. For test purposes, I just put a single row in the list.
The input screen is this one:
The result of the file conversion:
Now, the result of RSAU_SELECT_EVENTS:
539404 – FAQ: Answers to questions about the Security Audit Log
747615 – Tool for converting files from one code page to another
752859 – sapiconv – a tool for converting the encoding of files
Do not miss the most comprehensive document on SAL that I ever found, available here: “Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)”.
If you have missed my previous blogs on SAL:
- Security Audit Log (SAL): No UNC, No NFS mounts
- Security Audit Log (SAL): One directory for all SAL files
- Security Audit Log (SAL): Single file or Multiple Files?
Stay tuned for my next blog series on… surprise, surprise! 😎