The system administrator or security administrator defines the events you want to audit in filters. This information is stored in the control block, which is located in the application server.s shared memory. The SAP system uses this information to determine which audit messages should be written to the audit file.
Filters consist of the following information:
· . Client
· . User
· . Auditclass
· . Weightofeventstoaudit
The audit class returns information about the following:
· . Dialog logon
· . RFC/CPIClogon
· . Remotefunctioncall(RFC)
· . Transaction start
· . Reportstart
· . User master change
You can specify the weight of events to audit:
· . Audit only critical
· . Audit important and critical
· . Auditallevents
You specify the information you want to audit in filters that you can either:
. Create and save filters permanently in the database . Change filters dynamically on one or more application servers
If you decide to create and save the filters permanently in the database, all of the application servers use identical filters for determining which events should be recorded in the audit log. You have to define filters only once for all application servers. You can also define several different profiles that you can alternatively activate.
Note: When using static filters, you must restart the instance before the filter is active.
You can also decide to dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers. You do not have to restart the instance for the filters to be active. Dynamic filters are not saved for reuse after system stops or system starts.
No comments:
Post a Comment