The Security Audit Log

As of Release 4.0, you can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities that you specify for your audit. You can then access this information for evaluation in the form of an audit analysis report.

The Security Audit Log provides for long-term data access. The audit files are retained until you explicitly delete them. Currently, the Security Audit Log does not support the automatic archiving of the log files; however, you can manually archive them at any time.

You can record the following information in the Security Audit Log:

·        Successful and unsuccessful dialog logon attempts

·        Successful and unsuccessful RFC logon attempts

·        RFC calls to function modules

·        Changes to user master records

·        Successful and unsuccessful transaction starts

·        Changes to the audit configuration

The audit files are located on the individual application servers. You specify the location of the files and their maximum size in the following profile parameters:

Profile Parameters for the Security Audit Log

Profile Parameter


Standard or Default Value


Activates the audit log on an application server.

0 (audit log is not activated)


Specifies the location of the audit log on the application server.



Specifies the maximum length of the audit log.

1,000,000 bytes


Specifies the number of selection slots for the audit.


You specify the activities that you want to log in filters using the transaction SM19. You can read the log using the transaction SM20. You can delete old logs with the transaction SM18.

For examples of typical filters used, see Example Filters.

For more information on the Security Audit Log, see Security Audit Log.