Showing posts with label audit. Show all posts

Wednesday, March 9, 2022

SAP Security Audit Log

Security of computer systems (cybersecurity, or IT security) is a very important part of today's world, and ERP systems are no exception. In this context the term enterprise information security is used. Systems are becoming ever more complex, and complexity brings vulnerabilities, bugs and other weaknesses that an attacker can misuse.

In systems based on the SAP NetWeaver ABAP Stack/ABAP Platform there are a few tools that support the analysis of security aspects. One of them is the SAP Security Audit Log (SecAudit for short). It comprises a few t-codes, such as SM18, SM19 and/or SM20. Its purpose is to log security-related events in the system, such as: configuration changes; unsuccessful logon attempts (dialog or background, e.g. over RFC); changes to user master records; RFC calls to function modules; successful/unsuccessful transaction starts; changes to the audit configuration; file uploads/downloads; activation/deactivation of HTTP services; changes to ICF (Internet Connection Framework); usage of digital certificates/signatures; unsuccessful password checks; activities in the Virus Scan Interface (VSI); etc. The events to be logged are defined in the Audit Log's configuration. The recorded events provide information useful for monitoring changes to the SAP system or for tracking a series of events.

SM19 - Configuration of the Security Audit Log (static/dynamic configuration, kernel parameters). It is used to create profiles for the Security Audit Log; the filters in a profile determine which events are recorded for which users.

SM20 / SM20N - Analysis of Security Audit Log

SM18 - Reorganize Security Audit Log, deletion of old SecAudit logs
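As an added example (not code from the original post or from SAP), the following Python sketch shows the kind of review that an SM20 analysis supports once the log has been exported: it flags repeated unsuccessful logons per user within a time window and lists changes to the audit configuration. The pipe-separated layout and all sample rows are constructed assumptions; AU2, AU6 and AUE are the Security Audit Log message IDs for failed dialog logon, failed RFC/CPIC logon and audit configuration change, and should be checked against the event list in your own system.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows. The pipe-separated layout is an assumption made for
# this example; it is not the exact SM20 export format.
SAMPLE = """\
date|time|client|user|terminal|msg_id|text
2022-03-09|08:03:02|100|BATCH_RFC|APPSRV1|AU6|RFC/CPIC logon failed
2022-03-09|08:05:11|100|ASMITH|WS-0077|AU2|Logon failed
2022-03-09|08:05:40|100|ASMITH|WS-0077|AU2|Logon failed
2022-03-09|08:06:15|100|ASMITH|WS-0077|AU2|Logon failed
2022-03-09|08:07:01|100|ASMITH|WS-0077|AU2|Logon failed
2022-03-09|08:10:00|100|ADMIN1|WS-0003|AUE|Audit configuration changed
2022-03-09|09:30:00|100|BATCH_RFC|APPSRV1|AU6|RFC/CPIC logon failed
"""

FAILED_LOGON = {"AU2", "AU6"}   # dialog logon failed, RFC/CPIC logon failed
AUDIT_CONFIG_CHANGED = "AUE"

def parse(text):
    # One dict per log row, keyed by the header names of the assumed layout.
    return list(csv.DictReader(io.StringIO(text), delimiter="|"))

def repeated_failures(rows, threshold=3, window=timedelta(minutes=5)):
    """Return {(client, user): n} where n >= threshold failures fall within `window`."""
    times = defaultdict(list)
    for r in rows:
        if r["msg_id"] in FAILED_LOGON:
            stamp = datetime.fromisoformat(f"{r['date']} {r['time']}")
            times[(r["client"], r["user"])].append(stamp)
    hits = {}
    for key, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[key] = best
    return hits

def audit_config_changes(rows):
    """Changes to the audit configuration itself, which always deserve review."""
    return [(f"{r['date']} {r['time']}", r["user"])
            for r in rows if r["msg_id"] == AUDIT_CONFIG_CHANGED]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(repeated_failures(rows), audit_config_changes(rows))
```
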

 

More information:

Online documentation

Support site component: BC-SEC-SAL

539404 - FAQ: Answers to questions about the Security Audit Log

2191612 - FAQ | Use of Security Audit Log as of SAP NetWeaver 7.50

2546993 - Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)

Saturday, February 6, 2016

Law of Personal Data Protection in SAP BW

By default, SAP BW provides logging of data access: all user access to data can be logged and evaluated from a security and audit point of view. For regular use of the system this is usually enough. Some countries, however, require IT systems to comply with their own rules when processing personal data. One example is Spain, which a few years back introduced the so-called Ley Orgánica de Protección de Datos de Carácter Personal (LOPD) law.

As BW is one of the systems that can store personal information, SAP had to provide capabilities within the SAP BW system to adhere to the law. This resulted in the introduction of LOPD Access Logging in Reporting and Planning Applications as a feature of SAP BW and/or SAP NetWeaver.

The LOPD feature logs all access to sensitive personal data stored in SAP BW. Technically it is delivered via the BADI RSEC_LEGAL_AUDIT_SAP; implementing this BADI enables the LOPD feature. As a next step, the InfoProviders that store personal data need to be marked as LOPD-relevant in the customizing table RSECLOPDIP. Once this is set up, the system collects the LOPD-relevant data.


Useful information:

933441 - Frequently asked questions on BW 7.0 and data protection