The Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report.
The audit log’s main objective is to record:
- Security-related changes to the SAP System environment
(for example, changes to user master records) - Information that provides a higher level of transparency
(for example, successful and unsuccessful logon attempts) - Information that enables the reconstruction of a series of events
(for example, successful or unsuccessful transaction starts)
Specifically, you can record the following information in the Security Audit Log:
- Successful and unsuccessful dialog logon attempts
- Successful and unsuccessful RFC logon attempts
- RFC calls to function modules
- Successful and unsuccessful transaction starts
- Successful and unsuccessful report starts
- Changes to user master records
- Changes to the audit configuration
To configure the audit log –> sm19
To see the audit log –> sm20
To delete old log –> sm 18
Before you activate the audit log you have to setup several parameters in RZ10 :
rsau/enable: Set to 1 to activates audit loggingrsau/local/file: Name and location of the audit log filersau/max_diskspace/local: Max. space of the audit file. If maximum size is reached auditing stops.rsau/selection_slots: Max. number of filters
the maximum size of an audit file is 2 gigabytes for a single day, so the in case of profile parameter rsau/max_diskspace/local the min value is 1000000kb & maximum value is 2GB
For profile parameter rsau/max_diskspace/per_file minimum is 1MB & Maximum is 2 GB
For rsau/max_diskspace/per_day minimum value should be 3*per_file & maximum 1024 GB.So check these parameter.
For more detail see the following page http://help.sap.com/saphelp_nw04/helpdata/EN/2c/c59d37d373243de10000009b38f8cf/frameset.htm