Monday, April 7, 2008

SAP Security Audit: SM19

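Use SA38_RSPARAM or T-code RZ11 to check whether the Security Audit Log is enabled:
  • rsau/enable=1: enabled
  • rsau/enable=0: not enabled
However, even when it is not enabled (rsau/enable=0), activating the Audit Log function through SM19 still takes effect; this is the dynamic configuration method. rsau/enable needs to be set to 1 only if the static method is to be used.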

1. Static filters
If you use static filters, all of the application servers use identical filters for determining which events should be recorded in the audit log. You have to define filters only once for all application servers. You can also define several different profiles that you can alternatively activate.

Result
The filters you define are saved in the audit profile. If you activate the profile and restart the application server, actions that match any of the active filter events are then recorded in the security audit log.

Before you can set static filters, you must first set the following profile parameters:
  • rsau/enable
  • rsau/local/file
  • rsau/max_diskspace/local
  • rsau/selection_slots

2. Dynamic filters
Dynamic filters enable you to respond to real-time events in your system environment, setting traps that can assist you in addressing a security problem. With this option, you can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers.

Result
The audit filters are dynamically created on all active application servers. If you activate the profile(s), any actions that match any of these filters are recorded in the security audit log. Changes to the filter definitions are effective immediately and exist until the application server is shut down.

Before you can set dynamic filters, you must first set the following profile parameters:
  • rsau/local/file
  • rsau/max_diskspace/local
  • rsau/selection_slots
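
An added example (not from the original post or from SAP): a Python check that reads profile text and reports whether the parameters listed above for static and dynamic filters are explicitly set. The sample profiles, the file path, the `name = value` parsing and the rule that a later profile overrides an earlier one are assumptions; kernel defaults for parameters absent from the profiles are not considered.

```python
# Added example: check profile text for the audit-log parameters named in the post.
# Prerequisites the post lists for dynamic filters; static filters add rsau/enable=1.
DYNAMIC_PARAMS = ["rsau/local/file", "rsau/max_diskspace/local",
                  "rsau/selection_slots"]

# Constructed sample profiles (values and path are placeholders, not from a real system).
DEFAULT_PFL = """\
# default profile (constructed sample)
rsau/enable = 0
rsau/max_diskspace/local = 50000000
"""
INSTANCE_PFL = """\
# instance profile (constructed sample)
rsau/local/file = /constructed/path/audit.log
rsau/selection_slots = 4
"""

def parse_profile(text):
    """Return {parameter: value} from 'name = value' lines; '#' lines are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def merge_profiles(*texts):
    """Assumption: texts are given default-first, and later ones override earlier ones."""
    merged = {}
    for text in texts:
        merged.update(parse_profile(text))
    return merged

def audit_readiness(params):
    """List the prerequisites from the post that are not explicitly set."""
    missing_dynamic = [p for p in DYNAMIC_PARAMS if not params.get(p)]
    missing_static = list(missing_dynamic)
    if params.get("rsau/enable") != "1":
        # Static filters need rsau/enable=1; dynamic filters set in SM19 do not.
        missing_static.insert(0, "rsau/enable")
    return {"static_ready": not missing_static, "static_missing": missing_static,
            "dynamic_ready": not missing_dynamic, "dynamic_missing": missing_dynamic}

if __name__ == "__main__":
    print(audit_readiness(merge_profiles(DEFAULT_PFL, INSTANCE_PFL)))
```

With the constructed profiles, dynamic filters are reported as ready while static filters are not, because rsau/enable is 0.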


Source (Provided by Rita)
https://www.sdn.sap.com/irj/sdn/thread?threadID=328127
SM19 Dynamic Configuration.

