SAP User authentication logs to Push logs to LogRh...

former_member703366 · ‎10-25-2021

Dear Experts,

Do we have any standard procedure to provide below logs to Lorhythm.

Below are the types of expected logs:
Application Audit Trails (Not System Audit Trials):
- Users Authentication, Focusing on Privileged users and Authentication Failure for all users.
- User Created/Modified/Deleted from Access the system.
- Users Granted/Revoked Permissions on the system.

I am following blog to setup from Hana/Linux but couldn't find it for SAP ABAP system.

https://archive.sap.com/documents/docs/DOC-51098

Please advise how to proceed.

Thank you in advance.

JoeGoerlich · ‎10-27-2021

Hello,

you can find audit logs of such events in the Security Audit Log (SAL). For more information I recommend to have a look at https://blogs.sap.com/2014/12/11/analysis-and-recommended-settings-of-the-security-audit-log-sm19-sm....

In ABAP, you can read from the audit log as described by https://launchpad.support.sap.com/#/notes/2641084.

SAP offers the solution SAP Enterprise Threat Detection (ETD) for this job, which can also be used to forward (prefiltered) events. There are also 3rd party solutions which are capable to forward or export the SAL to a SIEM solution.

Best regards,

Joe

SAP User authentication logs to Push logs to LogRhythm

Accepted Solutions (0)

Answers (1)

Answers (1)

Re: Revaluation of Batch Item Variance Recognition

Re: FPSCHEDULER future target run date is required

FPSCHEDULER future target run date is required

Re: Revaluation of Batch Item Variance Recognition

Re: Unable to configure SAP CC Catalog webservice ...