Following screen will appear. To enable the security audit log, you need to define the events that the security audit log should record in filters. Below for your convenience is a few details about this tcode including any standard documentation. Table maintenance is for creating, adding data to an existing table. I've found an article bu interested to understand if. You can find the file information below if your logging activated ; RSAU/local/file. The most used method to retrieve SAP User login history is using the standard SAP Transaction Code ST03N. Hi Chris, Please check your audit profile in SM19 and also ensure the parameters are set correctly. I have used SM19 to enable auditing on my SAP system, and when I logon using SNC or via HTTP I can see in audit file (using sm20) that the SAP user and client is shown, but there is no mention of the SNC name or HTTP logon method used to authenticate the SAP user. Below for your convenience is a few details about this tcode including any standard documentation. Because users typically access webdynpro applications from Netweaver client or web browser. A tool that contains a log of security-related system events such as configuration changes or unsuccessful logon attempts. Security Audit Log, SM18, SM19, SM20, RSAU_CONFIG, RSAU_READ_LOG, RSAU_READ_ARC, RSAU_ADMIN, SAL , KBA , BC-SEC-SAL , Security Audit Log , How To About this page This is a preview of a SAP Knowledge Base Article. About this page This is a preview of a SAP Knowledge Base Article. Secondly with the help of SAP All Profile a user can perform all as SAP all it. In the case of a timeout-triggered logoff, no security audit log events are generated. SM20, the amount of data being handled is quite big, reaching memory. Regards, Deborah. 0 Win2003 SqlServer 2005 we activated the audit of the system (SM20), but each time you restart the SAP instance must reconfigure the SM19. The Security Audit Log is a tool designed to be used by the auditors to monitor the activities in the SAP System. Go to Transaction Code ST05 and activate Trace for your SAP User Id. The Audit Information System (AIS) provides a means of logging additional activities in the Security Audit Log that are not captured in the System Log. Incorrect Microsoft Sentinel workspace ID or key If you realize that you've entered an incorrect workspace ID or key in your deployment script, update the credentials stored in Azure. A restart of the instance is required to activate the profile parameter. - Profile/Filter: 2 Selection by profile AUDIT/filter 002. Depending on the amount of data that you collect, the risk of impacting a production process is greatly reduced. 5 ; SAP S/4HANA 1610 ; SAP S/4HANA 1709 ; SAP S/4HANA 1809 ; SAP S/4HANA 1909 ; SAP S/4HANA 2020 ; SAP. For RSAU_CONFIG, first, check and implement note 2743809. This site uses cookies and related technologies, as described in our privacy statement, for purposes that may include site operation, analytics, enhanced user experience, or advertising. Of course you need to know where the log file is written to. Transaction SM20 is used to see the Audit log . Terminates all separate sessions and logs off immediately (without any warning!). • Audit class (for example, dialog logon attempts or changes to user master records) • Weight of event (for example, critical or. 3 SP1 and above; Web Intelligence (WebI) Bics Connections to BWSap Sm20 Tables Most important Database Tables for Sap Sm20 # TABLE Description Application Table Type; 1 : CDPOS: Change document items BC - Change Documents: Transparent Table 2 : BDCMSGCOLL: Collecting messages in the sap System 700 - UI Services: Structure 3 : RFCDES: Destination table for Remote Function CallSAP enhancement package 5 for SAP ERP 6. 108 Views Last edit Jul 13 at 03:10 PM 2. Check the RFC-connections pointing to the affected system for incorrect credentials. When we execute this transaction code, SAPMSM20 is the normal standard SAP program that is being executed in background. 0; SAP enhancement package 7 for SAP ERP 6. SAP Audit Management for SAP S/4HANA provides an end-to-end audit management solution that can be used to build audit plans, prepare audits, analyze relevant information, document result, form an audit opinion, communicate results, and monitor progress. Transaction codes SM20 or RSAU_READ_LOG can be used to view the audit log results. 1. The selection inputs I'm passing in are the standard options displayed in screen 300 and the subscreen on the main screen. Enter SAP#*. For more info on this, kindly refer the following notes and simplification list for SAP S/4 HANA 1610 Initial Shipment stack. The log of the local instance for a maximun of the last two hours is displayed by default. SAP System Logging (SM21) We use cookies and similar technologies to give you a better experience, improve performance, analyze traffic, and to personalize content. 4. 0 (audit log is not activated) First/initial Release of the SAP Blog Post documentation (Product Information). GRC AC 10. I copies the audit files from old server to new filesystem and set the parameters new. The session management system provides: Common administration and monitoring of session state. For testing purposes, I will use a SAP Netweaver 7. Normally only customizing tables should have the logging flag. BC - Security. You will get more details about each transaction code by clicking on the tcode name. I've been looking for a function module that will allow me to read the security audit logs that are viewed via SM20. In such case, the configuration is not correct. Select servers to include in the analysis. The advantage of this method is that you can once specify. I tried with wild card characters, it is not giving accurate user list. In a few cases I use an ABAP trial system to experiment. (Pallet number at which the material is located)This is a preview of a SAP Knowledge Base Article. In this article, I will provide an overview of the Emergency Access Management reports and which information can be seen. By continuing to browse this website you agree to the use of cookies. You can use transaction RSAU_CONFIG_SHOW to get an overview of the audit log settings. I am trying to configure buttons on BT116H_SRVO. Note. Option c) is not valid – and can give you headaches. SAP ERP Central Component all versions ; SAP ERP all versions ; SAP S/4HANA Cloud all versions ; SAP S/4HANA all versions ; SAP enhancement package for SAP ERP all versions ; SAP enhancement package for SAP ERP, version for SAP HANA all versions Keywords. For getting the Entries i would like to Execute the above function module. Notes:-. Go to Transaction Code ST05 and activate Trace for your SAP User Id. Apart from that other details e. rsau/user_selection. You will have to set the profile parameter rec/client=. New navigation features in ABAP Platform 2108 (AS ABAP 7. Then try to split the ASCII Itab data records and then create an internal table with the columns as it was in the prior program . We've load balancing, active log shipping and DB clustering. In most systems, the profile parameter rslg/local/old_file is also set and points. Click more to access the full version on SAP for Me (Login required). The sap:aggregation-role annotation is important for rendering the chart. GRC - SAP Audit Management (GRC-AUD) According to DIN EN ISO 9000, this is a systematic, independent, and documented process used to obtain audit results and to evaluate these results objectively in order to determine to what extent the criteria of audit have been fulfilled. Personnel Area Tables. 0. SUIM --> User Information System --> User --> By Logon Date and Password Change. Indeed i am looking for coloring the particular cell as you mentioned above , passing values to it_excel . user lock, SM19, SM20, RFC, JCO, Security Audit Log, analyze user lock, . As I told you only adding aggregates always keyword solved all my problems. The parameter rsau/max_diskspace/local is for specifying the maximum size for the file. The two transactions display the memory consumption from different points of view; furthermore, different terms are used for the same thing. So, all failed and successful logs of the remaining 84 event. It seems that, when trying to export audit data of users in tx. I tried to check action configuration but could not find the right way to do it. Relevancy Factor: 100. This event could be used in the following scenarios:. There are multiple types of runtime errors that we encounter. The sizing procedure helps customers to determine the correct resources required by an application. To access the Security Audit Log analysis screen, you can use transaction code SM20 security audit log sm20 You May The Security Audit Log produces an audit analysis. I've experimented a bit with SM19 authorizations and figured out that a read-only access to SM19 is possible if I deactivate S_C_FUNCT. You can use the transaction code SE16 to view the data in this table, and SE11 TCode for the table. SM18 - to delete old Security logs. This KBA aims to provide a manner of monitoring which ICF services are active/inactive and how to keep track of changes to the service state. 31 system. 2 Answers. EXCEPTIONS. Rakesh. I am turning on my SAP security audit log. So I am not considering this to get the Audit Log. Therefore the potential long term downside of permissioned chains is that logic and data ends up in. SAP Knowledge Base Article - Preview. Copy the . This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. RFC Callback Whitelist. How. A selection groups a range of consolidation master data, typically the financial statement (FS) items, by using various filter criteria. Step 3 : Analyze the Security Audit log via transaction SM20. SM20 - Security Administrator run this report periodically to get the details of 'Failed logons' of the users in the Production system and investigate the causes. The host name is in there. These can be helpful when analyzing issues. Audit. On this page. If yes, please let us know how ? 2. The control to mitigate this risk could be the Security Audit Log and the adoption of a control procedure of the instrument’s output. Use. Logging and Monitoring. Our audit log report is not populating with data and I'm trying to determine if that's ok or if there's a configuration issue. I have a question on how to define the maximum number of the log to be kept in SAP? is there a parameter to define in RZ10? because currently the log generated by SM19 been deleted after 3 months and I checked the total size are less than 100MB, while the current system is being setup to maximum 200MB. Profile Parameter Definition Standard or Default Value; rsau/enable. AUD. Choose the relevant Options. The data and metrics are used by other subsystems in SAP Landscape Management such as dashboards, and alerts. 1. This enable. check the file list using. The same applies for all communication logs if an ABAP server is shut down. please explain the usage of transaction codes SM18, SM19, SM20 in SAP, for audit. The name of the file is usually SLOG<inr>, where <inr> is the instance number. you can check the user profile. Profile Parameter Definition Standard or Default Value; rsau/enable. But this will show the details of logged on users. Number of Selection Filters. Print preview is not available for ALV lists for in-memory databases. Transaction SM20 is. Has anyone able to achieve something like this? I need to supply SM20 report of a particular user and trying to schedule it as a batch job. 0; SAP enhancement package 6 for SAP ERP. Is there any other procedure is there in sap to check and trace the user details. It is similar to SM20 but offers advanced selection options. To extract data from all the clients, enter a wildcard value (i. 0 Keywords. Hey Community, In the past days I released a SAP Knowledge Base Article addressing the most common memory issue within the Security Audit Log. Does anyone know which tables are used to log the audit information. And click on staus. I am turning on my SAP security audit log. Number of filters to allow for the security audit log. Filter: Activate all events for the dialog activities 'logon' and 'transaction' for user 'DDIC' in all clients. tsalania). 4. Hello, We are tryed see the Events of Audit Log, but the system display the following messages: NOTE: This process was working ok a month ago. Report ZSM04000_SNC shows a cross-client list about users, their terminals, the connection type and the SNC status. SYSTEM_NO_SHM_MEMORY is happening in the system. Notes:-. Visit SAP Support Portal's SAP Notes and KBA Search. I tried to extract using st03 os01 sm20 etc but no luck. RSS. There is a possibility of monitoring program behavior through the SAP Security Audit (SM20). 様々な条件でレポートを出力できるように. 2 ; SAP NetWeaver 7. Regards. the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful. Read more. 2 Answers. First you need to activate the SAP audit. The Security Audit Log. It is very important for SAP Consultant to know which are the Transaction Codes that are. My system landscape. Users can install and use the EAM Launchpad to perform ID-based firefighting directly on plug-in systems. Use the SAP Tcode SM19 for Security Audit Configuration. The Security Audit Log - SAP Help Portal. The reason why we cannot rely on SM20 audit log for logon or logoff is. SAMT: Information and Results for ABAP/4 Mass Tests. 2546993-Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20) Symptom You want to know more about recommended settings of the security audit log. Transparent Table. Is it possible to enable Security Audit loging for a specific set of transactions or if all transactions need to be logged? Activate the user/users you want to monitor in SM19. 2 SP9 and above; SAP BusinessObjects Business Intelligence Platform 4. SM20 cannot show clearly if a users has performed PO related. 4) Then Use SM20 to read your logs. You can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. 2: First the URL is searched, then the form specification. Batch input sessions enable the user to schedule jobs at regular intervals and store the data that is entered in the batch job. Following screen will appear –. This. You need to set the parameter rec/client = ALL in the DEFAULT profile. The also have AUDD and AUDA in S_ADMI_FCD. 1 ; SAP NetWeaver 7. SM20 – Security Administrator run this report periodically to get the details of ‘Failed logons’ of the users in the Production system and investigate the causes. - A solution that might have worked is via the 'SUBMIT' statement, but this would not fit because SM20 is not a report program. As of Release 4. Style: ZMOBSAPUI5. Hello, In SM20 we have a lot of alerts RFC/CPIC logon failed, reason=24, type=R, method=T user sapsys, client 000, program SAPMSSY1 , that are generating very often, every hour we have 2, 3 alerts. Page Not Found | SAP Help Portal. Visit SAP Support Portal's SAP Notes and KBA Search. Choose Execute. Create a new record in table “W3GENSTYLES”. Logging and Monitoring enable earlier detection of any weaknesses or vulnerabilities in the SAP system as the administrator can pro-actively monitor security-related activities, address any security problems that may arise and enforce security policies appropriately. In SM20 (or SM20N - although by the sounds of it you are on an older release) open the menu first and choose "All remote logs". Delete options: Only calculate number The system only calculates the number of logs that can be deleted. Of course you need to know where the log file is written to. We can use the above concept to get any table behind a Transaction Code. Anyone have any suggestions please to activate automatically when you upload in the instance of SAP?Sm20 Tables Database Tables in SAP (38 Tables) Login; Become a Premium Member; SAP TCodes; SAP Tables; SAP Table Fields; SAP Glossary Search; SAP FMs; SAP ABAP Reports; SAP BW Datasources;. If you are running SAP ECC version 5. I have activated static and dynamic filters and I have given all permissions for the sub folders How can I get user data from O/S level and I want to. When attempting to read security audit logs from SM20, the following popup notification appears. The following parameters below are essential for you being able to read in SM20. Select Presentation Srvers. I would like to know that an SSO2 ticket was used to authenticate the user. SM20 only can trace the logon or logoff with DIAG protocol (SAPGUI) and RFC protocol. Also looking at the output of SM20 the data includes the user entering a specific transaction but not what they do within the. Jobs can be deleted in the following two ways −. I think, it comes from some sort of RFC logons, may be from external systems. Recommended Settings for the Security Audit Log (SM19 / SM20) This blog had started to give recommendations about settings for the Security. When attempting to list the files in SM20, we receive the message: "No audit files found on server". . Common perception about switching on SAP security audit logs (also referred as SM19 or SM20 logs) is as follows: On a reasonably-sized ERP system they will fill up a lot of disk space. These jobs may no longer be required and may occupy a lot of space on the system. Problem: When performing "SM20" audit log review and found that the users tcode activities were missing from the trace. You can use the Session Manager to generate company-specific menus and create user-specific menus. Thank You Amit. Basically I'm tracking transaction use remotely, and am looking to extract the. My system landscape. /nex. Press F7 to go back to the main menu screen. Electronic Data Records. Be careful to whom you give the rights to read the audit log. You can use the transaction code SE16 to view the data in this table, and SE11 TCode for the table structure and definition. communication_failure = 3 MESSAGE last_rfc_mess. ABAP Class: ZCL_ITS_GEN_SAPUI5_MOBILE. SM21 is very easy to use, just specify the criteria: Suppose I changed the content of LV to 123. Right now i didn't enabled the rec/client in my system. Please let me know the following: - 1. SM20 - No audit files found on server. This is first time when I am configuring any action in WebUi. into Splunk by mapping the message IDs to details which the SAP system would provide as well if you review the logs in SAP transaction SM20. While comparing the data which shows under GRACFFLOG to the Firefighter logs reports, Reports does not show some data even if they all exist in the Table GRACFFLOG. Potential Use Cases. It does this by automating and accelerating payment processing, reducing the risk of. Application Server Started. Arun Prabhu. Per default, the system suggests a name for all technical users required. SessionID ( This ID stand for, if User opens the SAP screen by multiple logins) 3. (Transaction SM20). Add a Comment. 1. Apart from above any other ways by which i can get the Audit log. For security administrators that need to extract SAP audit logs continuously for upload into a third-party analytical system like SIEM or Splunk. 知りたいといような要望で使うこともあります。. I was hoping to find a single module where I could input date/time/user etc, but unfortunately that doesn't appear possible. In the User Information System (transaction SUIM), choose Change Documents For Profiles . Methods which can be used to generate runtime dump: collecting via HANA Studio from os level via fullSystemInfoDump. Otherwise you can find the values using the SAP Fiori App Reference Library – you have to lookup the values in the target mapping of the section configuration at the implementation information for you desired app. 3. I believe I should use SM20 to get this report. Now suppose the requirement is to get the Table that stores the Field of all Standard Tables. I understand best practice says to lock DDIC but because it is used for so many automated jobs the Basis group has not had the time to evaluate and simply pulling the plug could have downstream implications that. Select ‘XS Project’. D:usrsapp01dvebmgs00log . Activates the audit log on an application server. Is there a way to paste 100 users at one time in SM20 tcode to. These are security audit transactions. The basics is how to configure the SM50 logon trace. For the SAP TechEd 2023. 2) Enter and select the relevant details and click "Reread Audit Log" button. Choose SAP HANA Development Perspective by using following navigation. Blank Security Audit Log in SM20. The Security Audit Log produces an audit analysis report that contains the audited activities. Hi Experts, - Our PRD system is using SAP ECC 6. It have the following hosts and instances: Host A: ASCS01 and DVEBMGS00 Report ZSM04000_SNC shows a cross-client list about users, their terminals, the connection type and the SNC status. This system account is used to run the background processing scheduler and to perform other system-internal operations (most of them executed as so-called AutoABAP programs). Analysis and Recommended Settings of the Security Audit Log (SM19 / RSAU_CONFIG, SM20 / RSAU_READ_LOG) RSAU_BUF_DATA is a standard Security Transparent Table in SAP BC application, which stores SAL: Temporary Event Log data. Terminates all separate sessions and logs off (corresponds to System - Logoff. Alert Moderator. For example, the retention amount is released to the vendor when certain expectations are met or on a specified date that your vendor has agreed upon. 4 SPS 18, which includes SAP_UI 751 SP 5 with SAP UI5 version 1. Search for additional results. We have enabled the audit parameters (and restarted) but are unable to view the audit log in sm20. I need to take a report on tracking the usage of SAP by user and transcation wise. The Security Audit Log. Do we have any app to get user logs here ?Nov 23, 2009 at 08:00 AM. Can SM20 security logs be activated only for specific id's. In this regard I used SM20 transaction code and calculate time using Logon Successful time and User Log off time data. The layout and content structure defined via spaces and pages can be reused for different user roles, while the tiles/apps which are actually shown on the on a page depend on the catalog. "No data was. First, you need to setup a splunk user id on the SAP servers that can read the log files, so typically it should be in group sapsys. Using Security Audit Log. SAP Web Dispatcher configuration. The Security Audit Log is a tool designed to be used by the auditors to monitor the activities in the SAP System. Thanks and Regards, Sri The process of collecting and displaying data and metrics from the SAP system and its components (for example, dialog instance, central instance, database instance), the virtualization layer, and the physical system. SM20 Reports. Instances that do not have an RFC connection can be accessed through the instance agent. Increase retention period of Audit logs SM20. One Audit File per Day. Also looking at the output of SM20 the data includes the user entering a specific transaction but not what they do within the. Jan 08, 2014 at 07:24 AM. Step 3 : Create Project in SAP HANA Development Perspective mentioned as below. py script and hdbcons via transaction DBACOC. Sample dump: Category Resource Shortage Runtime Errors TSV_TNEW_PAGE_ALLOC_FAILED Short text No more storage space available for extending an internal table. Then accordingly i have set the below parameters. Finally SAP has provided De-centralized firefighting feature in GRC 10. Understood. This field captures the Terminal/IP-address of the system in. Hi All, I have a question on how to define the maximum number of the log to be kept in SAP? is there a parameter to define in RZ10? because currently the log generated by SM19 been deleted after 3 months and I checked the total size are less than 100MB, while the current system is being setup to maximum 200MB. SAP DDIC Weird Activity. Now I want to know that person's. The first server in the list is typically the host to which you are. Select “Outbound Processes”. About this page This is a preview of a SAP Knowledge Base Article. You can delete old logs with the transaction SM18. With SAP Fiori front-end server 2020 for SAP S/4HANA there is a new concept to structure the content on the SAP Fiori launchpad: Spaces and Pages. Is there a way to lock all users. The SAP Fiori applications are based on the USER INTERFACE TECHNOLOGY software component (SAP_UI). RSS Feed. Audit Logging - SM19 and SM20 As we know it is being used in the SAP BC-SEC (Security in Basis) component which is coming under BC module (BASIS) . When I run t code sm20 on production it shows following message ""The result set for this selection was empty"". sap/usr/sid/d00/log but I can get the information from SM20. Security Audit Log (transaction SM19 and SM20) is used for reporting and audit purposes. One or more of DP_SOFTCANCEL exceptions below are visible in the corresponding trace files in the SAP System's directory (dev_disp, dev_w*, etc. After a few months , we restarted the system and the slots which we add later changed to inactive . 5 ; SAP enhancement package 1 for SAP NetWeaver 7. But AUT10 provides us an enhanced options where we can review the changes made in other transactions as well in addition to the table changes. When i tried to run an SM20 report to list the actions I did but I get an empty result. Application logging records the progress of the execution of an application so that you can reconstruct it later if necessary. 0. The field SSFCOMPOP-TDIEXIT will Immediately exit after printing/faxing from the print preview, the user has no chance to close the print preview window after clicking the print button. The Emergency Access Management (EAM) component of SAP Governance, Risk, and Compliance (SAP GRC) provides the technical foundation to administer and manage firefighting or emergency access. The right side offers the section criteria for the evaluation process. The problem is that the aforementioned users already have complete access to S_C_FUNCT and are supposed to keep it. . I checked our parameters and we enabled Audit Log data retrieval. SAP provides standard transaction STAD for this, but it is restricted for only one day. You can delete logs in dialog ( Program Execute ) or in the background ( Program Execute in Background ). /o. If we. it is known username, created by sap admin (m. None. In transaction SM21 System Logging you can use RFC to read logs created locally in all the instances of the SAP system. In SAP S/4HANA Cloud, public edition, while the security audit log is always enabled, two SAP Fiori applications are available for verifying this in an. Is there a way to schedule a batch job to generate security audit log (SM20) automatically and possibly send a message to SAP Inbox or generate a spool request? Release is. For more. Then use SM20 for all the SAP user history including: Login; Reports he ran; Password Change; Lock and Unlocked User; Authorization Change. The difference is, that the scripts can be controlled by the user; there is no need to have an SAP report to insert the data. - I've checked the BDC 'Call Transaction' approach, but I've just found out that it wouldn't return the list of data to me as well (as this isn't what the BDC 'Call Transaction' is built to do). however, I can see the audit data in local server directory as below: I had try to restart but still having same problem. The Security Audit Log - SAP Help Portal. RFC/CPIC logon failed, reason=24, type=R, method=T. Basis - Syntax, Compiler, Runtime. Audit log settings overview. Enter SAP#*. 2. This Audit Log data saves into files. Follow. I'm pretty new to SAP, so please be kind. However when I schedule it as background job, it failed. Select the appropriate radio button under Expiry Date. Type the number of the source handling unit. Start Analysis of Security Audit Log (transaction SM20). Use SM20 -. I'm reading the SM20 data from SAP by using the FM "BAPI_SYSTEM_MTE_GETMLHIS". But the check assignment is changed. eAnyway, SM20 will continue to work, as the access therein is performed by the kernel. Use of SM20. In this blogpost I like to shine a light on the handling of log files of the ICM. Sm20 Transaction Codes List. conf" above. This TCODE could be used along with ST01 to. SAP Audit Logs SM20 SM21For full course checkWhen using SM20 or RSAU_READ_LOG to evaluate the security audit logs, one of the following behaviors is observed: When starting transactions no AU3 security audit log event is recorded in some cases, e. 44. The rec/client parameter is set 'OFF'. Then execute the report. Duties within an organization are segregated (Segregation of Duties, SoD) to prevent the abuse of critical combinations of operations within a process. Is it possible to enable Security Audit loging for a specific set of transactions or if all transactions need to be logged?Activate the user/users you want to monitor in SM19. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. , KBA , BC-SEC-SAL ,. For examples of typical filters used, see Example Filters. rsau/selection_slots. SM20. SAP Transaction Code SM20 (Analysis of Security Audit Log) - SAP TCodes - The Best Online SAP Transaction Code Analytics BC SAP_BASIS SM28 Installation Check BC-ABA-LA BC SAP_BASIS SM29 Model Transfer for Tables BC-CTS-CCO BC SAP_BASIS SM30 Call View Maintenance BC-CUS-TOL-TME BC SAP_BASIS SM30VSNCSYSACL Start Analysis of Security Audit Log (transaction SM20). : Accompanied by DUMPs in ST22 as well, like the one below. You can analyze the security audit logs using SM20 transaction, but security audit should be activated in the system to monitor security audit logs. . UCON - Missing RFC Function Modules. 1 - Firefighter Session Details Audit Log Report. In the last part, we will explain how to custom tracking the SAP login action. As of SAP Basis 740 (downported to ABAP 731 with Kernel 7. This is nearly the same than Batch-Input. You can use this special filter value ‘SAP#*’ in transaction SM20, report RSAU_SELECT_EVENTS respective transaction/report RSAU_READ_LOG as well to show log entries in for user SAP* only. 951 Views.