- SM19 is used for Auditing.
Click on Create — specify the profile name, sleect the filter 1, filter 2, and select the audit classes for auditing. Example -: If a user logon failed then trace the terminal. Save and activate the profile[mostly it will be effective immediately] but is some older version restarting the instance is required.
2. Execute SM20 to display the auditlog.
3. Execute SM18 to delete the old audit log files which are older then 30 days.
4. The parameters that starts with “rsau” are related to auditing which can specify the space, auditing location, filename, filedir [older versions]
The audit logs are by default stored in
/usr/sap/SID/DVEBMGS00/log with extension .AUD
This will dramatically reduces the performance of the system so switch on the trace only during emergency requirements.
TECHNICAL AUDIT/BUSINESS AUDIT–:
The companies deploy the third party agencies to [public limited companies] audit the systems both technically and business [It is a SOX compliance]
Example –: RZ03.RZ10, SCC4, OB52 should be locked SM01 and if access is erqueired provide through Fire Fighter password rules. [Set in RZ10…like password expiry]
Frequency of password change for DB/SAP/OS admin.
The detailed list is provided in SECR [Which is obsolete — outdated], but the auditors make use of the list.
The current auditing is Role Bases where SAP provides default Roles for auditing which are in the namespace SAP_AUDIT*
Execute SECR and get the list of activities from technical audit.
NOTE–: As part of basis security provide the auditing roles based on the type of audit.