11/27/2021

Rsau Local File

  1. Rsau Local File Cabinet
  2. Rsau/local/file Not Found

– Parameter rsau/enable has value 1 (audit switched on) or audit was activated dynamically using Transaction SM19. A n d – Parameter rsau/maxdiskspace/perfile is zero, that is, it is not used. If parameter rsau/maxdiskspace/perfile is used, parameter rsau/maxdiskspace/local is no longer meaningful and will no longer be analyzed. Enable the Security Audit Log. Names and locations of audit files. Maximum space to allocate for the audit files. Number of filters to allow for the Security Audit Log.

Hi,
I have activated the following profile parameters in my instance profile:
rsau/enable = 1
rsau/max_diskspace/per_day = 0
rsau/selection_slots = 2
rsau/local/file = G:usrsapD0D00log++++++++.AUD
rsau/max_diskspace/per_file = 0
rsau/max_diskspace/local = 1000000
and activate 2 filters under static configuration in sm19. then i stop start the instance in sap console.
using sm20, there's no analysis data. there's no file in G:usrsapD0D00log too.
Do I have to restart the whole server? or did i miss out anything?
appreciate any guidelines.

Hi,
I don't know which is your operating system, but maybe SAP note 173743 is useful here.
Regards,
Désiré

Similar Messages

  • Hi everybody,
    our data protection team has raised the requirement to log all data downloads from our BW system. As far as I know, it is possible to log downloads in SAP GUI using Security Audit Log, but does this also cover 'Export to Excel' functionality of query results executed in the portal? And what about execution of queries with BEx Analyzer? I doubt, if that tool would log this. Are there any other tools available to cover that requirement?
    Any comment and idea is welcome. Thanks in advance!
    Regards,
    Carsten

    If restricted to ALV I think it can be done, but even there... if the user executes it in background and mails or prints the spool request then the cat is out of the box...
    Moral of the story: Do not grant access if the user should not be able to see the data (regardless where they log on from).
    That you cannot monitor / log all (mass) download events is however a bit unfortunate, however once the data is outside of the system for those whom you do trust then you anyway need to train them not to park sensitive files on project or public file servers.
    IMO the main problem here is front-end computing tools (like Excel, etc) which the users feel more confortable with to analyze data than the server side analytics tools (e.g. in the ALV task bars, or even the BOBJ Dashboards which are very 'user-sentric').
    In German it is known as 'Bauern mentalität' (farmer mentality) which generally resides at the application surphase layer in the greater scheme of things:
    -> You do not eat anything you have not slaughtered yourself...
    Specifically regarding tokenization, you can consider not displaying the data in the portal. If the user wants to display these fields they have to navigate in their own context into the backend system to retrieve the token and then only display individual values.
    --> A download of a list via the portal or BEX excludes these fields which the user can access, but not mass download.
    I think this is possible, but it will be a challenge depending on whether the fields support tockenization. Credit Card numbers as mentioned my Martin is fairly vanilla and already used.
    Custom fields&types, insufficiently critical elements and older programs will be a bigger challenge.
    Please provide more details, as the generic answers are not well take care of IMO. If you cannot provide mre details, then SDN discussions speculating on answers is not efficient either...
    Cheers,
    Julius

  • I would like to ask if we need to restart the server once we activated the Static Profile in SM19? I have 3 application servers and only 1 application server's audit log is running. When I try to activate the security audit log for the other two servers, I don't see the audit log updating after I clicked the Activate button. Profile parameter rsau/enable is already set to 1. space for audit files is sufficient. Is there anywhere else I can check why the audit log is not running?
    Thanks!

    If you set the dynamic filters, then you do not need to restart the server.
    If you set static filters, then you do need to restart the server for them to take effect.
    This may have changed, but in some releases if you display the dynamic filters and then return to the static filter tab, what you will be looking at on the screen will still be the dynamic filter settings. This can be confusing.

  • May be this is a repeat question for this forum. Apologize, if it is. Is there a way to schedule a batch job to generate security audit log (SM20) automatically and possibly send a message to SAP Inbox or generate a spool request? Release is 4.6C.
    Regards
    Nirmal

    > May be this is a repeat question for this forum. Apologize, if it is.
    You don't need to apologize. You only need to do a very simple search...
    > Total Questions: 18 (16 unresolved)
    Perhaps 16 of those 18 questions you have not followed up on could have been spared as well?
    Please do the needfull.
    Cheers,
    Julius

  • Dear colleagues,
    I got a following question from customer for security audit reason.
    > 'Logon date' and 'Logon time' values stored in table USR41 are exactly same as
    > logon history of Security Audit Log(Tr-cd:SM20)?
    Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
    And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
    at the time when user logged on, the security audit log is recorded .
    I tried to check SAP GUI logon program:SAPMSYST several ways, however,
    I could not check it because the program is protected even for read access.
    I want to know about specification of 'logon time' between USR41 and security audit log,
    or about how to look into the program:SAPMSYST and debug it.
    Thank you.
    Best Regards.

    Hi,
    If you configure Security Audit you can achieve your goals...
    1-Audit the employees how access the screens, tables, data...etc
    Answer : Option 1 & 3
    2-Audit all changes by all users to the data
    Answer : Option 1 & 3
    3-Keep the data up to one month
    Answer: No such settings, but you can define maximum log size.
    4-Log retention period can be defined.
    Answer: No !.. but you can define maximum log size.
    SM19/SM20 Options:
    1-Dialog logon
    You can check how many users logged in and at what time
    2-RFC login/call
    Same as above you can check RFC logins
    3-Transaction/report start
    You can see which report or transaction are executed and at what time
    (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
    4-User master change
    (You can see user master changes log with this option)
    5-System/Other events
    (System error can be logged using this option)
    Hope, it clear the things...
    Regards.
    Rajesh Narkhede

  • Dears,
    Is there a way to get the name of the ABAP program called through transaction SE38, or the FM called through transaction SE37, from the security audit log ?
    What is available is only : RSABAPPROGRAM for transaction SE38, and RSFUNCTIONBUILDER for transaction SE37
    Thanks.
    Reda

    I had always assumed this log to be in the SUBMIT statement, but never used it.
    If I remember correctly this is recorded it the runtime submit, so it should be there.
    Perhaps it is only in selected reports? I will check in my system.
    Please compare with sm20n and run the report from sa38. The submits are different in sa38 etc compared to se38.
    The FM will only be recorded it it has a destination extention in the source system which is mostly remote. Local fm calls are not recorded for sure.
    Cheers,
    Julius
    Edited by: Julius Bussche on Jul 26, 2011 11:32 PM

  • I have seen a huge number of companies who do not use SM19/SM20 or RZ20. It is not configured. example I worked for 3 clients(user base 14000, 16000,1000) and none of them have this configuration.
    Do you know why is it so if it is not configured at your place.
    Thanks
    Edited by: Pankaj Jain on Sep 26, 2009 7:02 PM

    Performance impact is dependent on the Hardware sizing and the daily monitoring activities together with the back up schedule by the BASIS team.
    My experience is: I have seen maximum of clients using this for logging activities of ALL users in the system. In other few cases, it is restricted to Super and Special users.
    Please go through the document: [Security Audit Log http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/2088d9d4-e011-2a10-bba9-90548dbc2d6a&overridelayout=true] (it's a bit Old)
    Try searching Community with SM20 / SM19 / Security Audit Log search strings.
    Regards,
    Dipanjan

  • Hi all,
    we are connecting a SAP ECC system with a third part product for log management.
    Our SAP system is composed by many application servers.
    We have connected the external tool with the SAP central system.
    The external product gathers data from SAP Security Audit Log (SM19/SM20).
    The problem is that we see, in the external tool, only the data available in the central system.
    The mandatory parameters have been activated and the system has been restarted.
    The strategy of SAP Security Audit Log is to create many audit log file for each application server. Probably, only when SM20 is started, all audit files from all application servers are read and collected.
    In our scenario, we do not use SM20 since we want read the collected data in the external tool.
    Is there a job to be scheduled (or something else) in order to have all Security Audit Log available (from all application servers) in the central instance ?
    Thanks in advance.
    Andrea Cavalleri

    I am always amazed at these questions...
    For one, SAP provides an example report ( RSAU_READ_AUDITLOG_EXTERNAL ) to use BAPIs for alerts from the audit log yet 3rd party solutions seem to be alergic to using APIs for some reason.
    However, mainly I do not understand why people don't use the CCMS (tcode RZ20) security templates and monitor the log centrally from SolMan. You can do a million cool things in SolMan... but no...
    Cheers,
    Julius

  • Hello,
    My client would like to activate the Security Audit log on his system. However he will like to know whether there could be any performance issue when activating it. Since I do not have any prior experience, can you please give me your general feedback on this subject. Have any of you experience performance issue when implementing security audit log and what can be done to minimize its effect?

    Hai,
    Activating Security Audit logs will not affect the performance of your SAP system. Since SAP Systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Due to the amount of information that may accumulate, you should archive these files on a regular basis and delete the originals from the application server. This is the only thing you really need to take care since they might fill up the disk space if you dont archive or delete them on regular basis. Also since the data is very sensitive you should take extra care to protect the data.
    Please follow the below links for more details.....
    http://help.sap.com/saphelp_nw04/helpdata/EN/95/d2a8e36d6611d1a5700000e835363f/frameset.htm
    http://www.saptechies.com/faq-answers-to-questions-about-the-security-audit-log/
    Regards,
    Yoganand.V

  • Hello I am posting this on behalf of Carol, Would you please be kind on helping her?
    After the upgrade to ECC the t-codes for the ESS functions were
    changed to services that run via the portal. We need to find where the
    audit data is logged for these services. Below are some of the t-codes
    which are now run via the new service name.
    PZ02##sap.com/essusaddr/Per_Address_US
    PZ03##sap.com/essusbank/Per_Bank_US
    PZ10##sap.com/essusw4/Per_W4_US
    PZ11_PDF#sap.com/ess~rem/PaySlip2
    PZ18##Z_WDA_HR_EMRG_CONTACT
    A search of notes with 'security audit log' hasn't turned up any new
    information.
    Carol

    Hi Ricardo,
    check the notes:
    [544708 https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ)/bc/bsp/spn/sapnotes/index2.htm?numm=544708] - Changed password rules prevent ITS-based logon
    [872773 https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ)/bc/bsp/spn/sapnotes/index2.htm?numm=872773] - Changed password rules and ITS-based logon
    Alternatively use the search terms 'ESS Scenario PZ02/ Personal data' .. you might get some related notes.
    Regards,
    Srihari

  • Hi there,
    Can anyone tell me what will happen when the Security audit Log file is full on OS-level. Will the system stop? Is the file overwritten?
    Best regards,
    Joris

    Hello Joris ,
    1 ) Is the file overwritten? -> No
    2 ) Will the system stop? -> Yes , if there will no free space on drive / file system SAP system will stop.
    How to delete :
    1. To access the Security Audit Log reorganization tool from the SAP standard menu, choose Administration à System Administration à Monitor à Security Audit Log à Reorganization.
    The Security Audit: Delete Old Audit Logs screen appears.
    2. Enter the Minimum age of files to delete (default = 30 days).
    This value must be > 3.
    3. Activate the To all active instances indicator to delete the audit files from all application servers. Leave the indicator blank if you only want to delete the files from the local application server.
    4. Activate the Simulation only indicator if you do not actually want to delete the files. In this case, the action is only simulated.
    5. Choose Audit Log à Continue
    Regards ,
    Santosh Karadkar

  • Hello People,
    I have been trying to find some information about the System Profile Parameters that are required for Security Audit Logs.
    Can someone please explain what the parameter rsau/max_diskspace/per_day means? All that the SAP documentation says is that it is the Maximum size of all security audit files per day
    My understanding was that the audit files are stored on the application server itself and only 1 file is generated everyday. How then, is this parameter used?
    Regards
    Joy

    Hi Joy,
    I do not think this parameter should have any adverse effect. Depends on your server's hard disk space availability.
    rsau/max_diskspace/local gives space for a single security audit file. When we say that rsau/max_diskspace/per_day
    gives space for all, by my understanding we are limiting the total space that these files can take up.
    The max size of single audit file is 2GB and total space for all i.e. rsau/max_diskspace/per_day is 1024 GB
    When maximum space limit is reached, logging terminated. Next day new file is created.
    Couldn't find more explanation.
    regards, Sean.

  • Respected Guru's,
    Security audit log was deactivated, i have activated it recently in sm19.
    Now, i should get the details of people logged on when the audit log was deactive.
    What are the posibilities of Security audit being deactivated.
    Regards,
    Daya.

    Dear Alex,
    Please let me know how to check in ST03N.
    Further, how to retrive user logon data which is not recorded in the audit files.
    Edited by: Dayananadan Anandan on Nov 12, 2009 10:03 AM

  • Dear Experts,
    The rec/client parameter is set 'OFF'. So no security audit log is generated in SAP. but still if as Security audit log is required is there any way to get the log from SAP from any of the standard report, program or table.
    << Moderator message - Everyone's problem is important. But the answers in the forum are provided by volunteers. Please do not ask for help quickly. >>
    thanks in advance,
    Rahul
    Edited by: Rob Burbank on Jan 14, 2011 4:44 PM

    Table logging and Security audit log are two different things. if rec/client parameter is disable then table logging will not possible. but if you need audit log then you have to enable it through SM19.
    Regards,
    Subhash

  • I have enabled, security audit log for our landscape. But the terminal column is only of 8 characters in length.
    Whereas the names of terminals (Desktops and laptops) in my organisation is 15 character.
    Hence it is not possible to identify, from which particular workstation a transanction was executed.
    I am using SAP R/3 4.6C.
    Can anybody help?
    Regards,

    Thanks Eric,
    I too guessed the same...Because I have checked in ECC6...This shows ....the full name of the terminal.

Rsau/maxdiskspacelocal: max disk space (set to at least 1 GB) rsau/selectionslots: default is 2, but typically this is set to 10 slots Unfortunately these parameters are not dynamic, which means a system restart is required to activate these parameters. RSAUREADFILE is a standard SAP function module available within R/3 SAP systems depending on your version and release level. Below is the pattern details for this FM showing its interface including any import and export parameters, exceptions etc as well as any documentation contributions specific to the object.See here to view full function module documentation and code listing, simply. Rsau/maxdiskspace/local = zzzzz. Rsau/maxdiskspace/perfile = xxxxx. Rsau/maxdiskspace/perday = yyyyy. In such case, the configuration is not correct. It is not possible have a single file and multiple files, using a specific FNAUDIT value. Using SM20 in such case can bring a result like: Even though there are SAL entries recorded in the.

Maybe you are looking for

  • After the new 7 update my sound on my iphone5 does not work when I plug it into my car. If I unplug the phone I can hear music and voice nav. It seems to disable the volumn control since it is gray. Any ideas?? Thanks.

  • Dear All, I have difficulty in posting one time customer to cash journal, it did not prompt me for name and address. However in the website http://help. sap.com/bp_ bblibrary/ 600/documentatio n/N70_BPP_ 04_EN_DE. doc it mention it is able, does not

  • Hi I am using jdeveloper 10.1.3 I wrote some session ejb's in MODEL project and using database mysql I am using oc4j's auto deployment feature I have some JSF files in view project I ran successfully my applications few number of times Suddenly one d

  • Hello I try to use UCS Central to manage my differents pool (mac, WWN, UUID). From Central I can't see local pool of UCSM !!! From UCSM, i can see global port i defined, but when i choose a ressource of global pool, i have en error : Resolving identi

  • I've got the 6.0 bundle 2475 desktop software. My Blackberry Torch is paired to my new HP G72 laptop, running Windows 7 64, via bluetooth. To test that it is actually functional I've backed up my BB from Windows, and seen the file transferred via blu

The main system log, SAP systems can be seen by running transaction SM21
(Tools-> Administration-> Monitoring-> System Log). Displays a message with
the current SAP-instance. Log entries are read from the file specified by the
Not
parameter rslg/local/file. By default /usr/sap/<sid>/<Instance_name>/log/SLOG <instance_number>. Parameter rslg/max_diskspace/local sets the size of the

Rsau Local File Cabinet

After filling the old entries are deleted. The size of the single record 192 bytes.
You can collect log records from all application servers on the central instance.

Rsau/local/file Not Found

Details on the SAP Help Portal .

Transaction ST22 -view ABAP-system dumps. You can via the menu
'move to-> Reorganize' set term of storage dumps. The retention value of
File
dumps depends on the frequency of analysis of your systems. Usually, 7 days is

You can enable Security Audit Log system. From this you can see log successful
and failed logons, user blocking users, run reports, edit the transaction key.
Temporarily included in the transaction SM19. Constantly parameter
rsau/enable = 1. Option rsau/local/file sets the directory where to store the
logs. By default,/usr/sap/<sid>/<Instance_name>/log/audit_ <instance_number>.
Via parameter rsau/max_diskspace/local audit file size is set for the day.
Local
View history through the transaction SM20. Delete old logs transaction SM18.

There is also an option to activate auditing changes in tables. Write the profile parameter rec/client = XXX (client number).You can specify multiple
comma-separated mandates. For the required tables in SE11 in technical settings
include 'change history'. View audit transaction SCU3. The audit log is stored in