Antonio Maradiaga

Exploring the SAP Audit Log Service

A new SAP Tech Bytes series is starting today. In this blog post, I will share what is covered in the video that was released today (2022-06-27) and in the videos that will be released in the next couple of weeks.

The SAP Audit Log service is a platform service that stores the audit logs written on your behalf by the other platform services you use. You can retrieve the audit logs for your subaccount via the Audit Log Retrieval API or view them in the Audit Log Viewer. The service only stores audit log entries written by SAP BTP services when they act on your account data. Custom (non-SAP) applications and services that you, as a developer, deploy to SAP BTP do not have write access to the Audit Log service.


SAP Tech Bytes – Exploring the SAP Audit Log service

In this new SAP Tech Bytes series, I will be exploring the SAP Audit Log service, a free service that is part of the SAP Business Technology Platform. I will start by giving an overview of the service and interacting with it via the API. In the second part, I will use SAP Cloud Integration to extract the data from the API. In the last part of the series, I will show how to store the log entries in SAP HANA Cloud or in an Object Store with SAP Cloud Integration. The architecture diagram below captures what the whole series will cover.


Services used in the SAP Tech Bytes – Exploring the SAP Audit Log service

In case you wonder how I created the architecture diagram above… Hint: No diagram tools used, just code. I will be sharing the details in a future blog post. Stay tuned 📻. Check out this blog post – https://blogs.sap.com/2022/06/29/creating-architecture-diagrams-with-code/.

In this first part of the series, I cover the following:

  • 0:00 Intro
  • 1:11 SAP Audit Log Service overview
  • 4:41 Audit Log Viewer
  • 7:15 What's required to interact with the Audit Log service API
  • 9:35 Create an instance of the Audit Log Management service
  • 13:00 Create service key for the instantiated service
  • 14:20 Call the Audit Log Retrieval API from Postman
  • 14:48 Get an access token (authentication)
  • 17:05 Retrieving Audit Log records
  • 19:13 Pagination – handle query parameter
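
The token, retrieval and pagination chapters listed above, as an added Python example (not code from the video or from SAP) that raises instead of returning a partial export. The service key field names (`uaa.url`, `uaa.clientid`, `uaa.clientsecret`), the `/auditlog/v2/auditlogrecords` path, the `time_from`/`time_to` parameters and the `Paging: handle=<value>` response header are assumptions to check against your own service key and the API documentation; the two-page `fake_get` data is constructed so the paging logic runs offline.

```python
import base64, json, urllib.parse, urllib.request

RECORDS_PATH = "/auditlog/v2/auditlogrecords"  # assumed endpoint path

def get_token(key):
    """Client-credentials grant against the service key's UAA (field names assumed)."""
    uaa = key["uaa"]
    basic = base64.b64encode(f"{uaa['clientid']}:{uaa['clientsecret']}".encode()).decode()
    req = urllib.request.Request(uaa["url"] + "/oauth/token", data=b"grant_type=client_credentials",
                                 headers={"Authorization": "Basic " + basic})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def http_get(url, token):
    """Default transport: returns (list of records, response headers)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), dict(resp.headers)

def next_handle(headers):
    """Continuation handle from an assumed 'Paging: handle=<value>' header, else None."""
    for name, value in headers.items():
        if name.lower() == "paging" and value.strip().startswith("handle="):
            return value.strip()[len("handle="):] or None
    return None

def fetch_all(base_url, token, time_from, time_to, get=http_get, max_pages=1000):
    """Follow handles to the last page; raise rather than return a partial export."""
    params = {"time_from": time_from, "time_to": time_to}
    records, seen = [], set()
    for _ in range(max_pages):
        url = base_url + RECORDS_PATH + "?" + urllib.parse.urlencode(params)
        page, headers = get(url, token)
        records.extend(page)
        handle = next_handle(headers)
        if handle is None:
            return records
        if handle in seen:
            raise RuntimeError("handle repeated; export would be incomplete")
        seen.add(handle)
        params = {"handle": handle}  # assumption: follow-up requests carry only the handle
    raise RuntimeError("max_pages reached; export is incomplete")

# Constructed two-page stand-in for the API so the paging logic runs offline.
FAKE_PAGES = {None: ([{"message_uuid": "a"}], {"Paging": "handle=p2"}),
              "p2": ([{"message_uuid": "b"}], {})}
def fake_get(url, token):
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return FAKE_PAGES[query.get("handle", [None])[0]]
```

Against a real subaccount, call `fetch_all(key["url"], get_token(key), ...)` with the parsed service key and leave `get` at its default.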

I hope you find this new SAP Tech Bytes series useful. If you want to be notified of future SAP Tech Bytes videos or just videos focused on SAP Developers, make sure to subscribe to the SAP Developers YouTube channel.


      8 Comments
      Marçal Oliveras

      Hi Antonio Maradiaga, I have a few questions I hope you can help with:

       

      • Unfortunately the "log viewer" app is not available when using Google Cloud subaccounts. Do you know if it will be made available?
      • Does the Audit Log store logs for the Launchpad Service?
      • When enabling the log API service in BTP, it asks for the runtime environment. I thought I had to select Cloud Foundry but it doesn't allow me. I had to select "Others". What does "Others" exactly mean?

      Kind regards,

      M. Oliveras

      Antonio Maradiaga
      Blog Post Author

      Hi Marçal Oliveras,

      • Not sure when it will be available in all Google Cloud subaccounts. At the moment, it is only available in US Central (cf-us30).
        [Image: Availability of Audit Log viewer service]
      • Audit log store logs for Launchpad service: Yes, see the Data Protection and Privacy section of SAP Launchpad in the SAP Help documentation.
      Steven Foo

      Hi, thank you for providing your video recording about how to set up the retrieval of the audit log.

      Get

      We followed your steps until the GET part, where we encountered the following error in Postman.

      Similar to 403 Forbidden, but specifically for use when authentication is possible but has failed or not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.

       

      We tested the POST without issue, and we copied the access_token value and pasted it into the environment. What is missing?

       

      Appreciate your feedback.

      Nagesh Caparthy

      Hi Antonio,

      Thank you for the blog and the details.

      I have activated the service and have the following error with no details. Not quite sure how to fix this without any error details:

       

      Regards,

      Nagesh

      Nagesh Caparthy

      It's working now, I added the two roles:

        • auditlog-management!b*

        • auditlog-viewer!t*

      Regards,

      Nagesh

      Jens Schwendemann

      There's also a "chance" that you are authenticating with a corporate IdP where the role was set up to use SAP's built-in IdP (SAP ID Service). See https://me.sap.com/notes/3287339

      Kaito Omata

      Hi Antonio, I am a new user of Audit Log Viewer.

      I would like to ask about the values that can be retrieved in Audit Log Viewer.
      I think the org_id or tenant ID displayed in BTP Cockpit and the value that can be retrieved in Audit Log Viewer are different.
      How can these values be converted to actual values that can be retrieved in Audit Log Viewer?

      Regards,

      Jens Schwendemann

      Hi All / Antonio,

      When I look at the services of a BTP subaccount I see Audit Log Service API as being deprecated (it was automatically assigned to the subaccount).

      Is Audit Log Management Service the replacement or is it something else? Does the deprecation affect the API access you laid out in your blog?

       

      Many thanks and cheers

      Jens