‎2009 Sep 26 6:01 PM
I have seen a huge number of companies who do not use SM19/SM20 or RZ20. It is not configured. For example, I worked for 3 clients (user base 14000, 16000, 1000) and none of them have this configuration.
Do you know why that is so, if it is not configured at your place?
Thanks
Edited by: Pankaj Jain on Sep 26, 2009 7:02 PM
‎2009 Sep 26 8:40 PM
What do they use instead? GRC Access Control ?
Yes, it's true that in some cases people don't use them, but in most such cases it is unintentional and due to the support group's lack of knowledge of standard SAP tools & accelerators... which I believe. Please check other comments.
To be frank, SM20 is a great ABAP tool to use for a variety of events and can be used for all types of active users. So, there should not be a good reason to avoid or neglect it.
And the CCMS console is used in every SAP implementation, I hope; it may or may not be together with some other external tools. Check SAP EcoHub for a variety of 3rd party SAP Certified tools.
Regards,
Dipanjan
‎2009 Sep 26 8:43 PM
I configure it and use it a lot. In higher releases and with SolMan it is very much improved, as well as becoming more attractive for admins to monitor logs.
Let's face it: Who likes reading logs?
Why others don't use it is probably also a combination of the fact that it is not active by default (so you need to be proactive, which some folks aren't...) and urban legends about it having a performance impact or even being a modification to the standard and such nonsense.
However, you should check whether it is or has been used for dynamic filters. You won't see those in RZ11, but they are very useful for troubleshooting and analysis.
My 2 cents,
Julius
‎2009 Sep 26 9:03 PM
> ... they are very useful for troubleshooting and analysis.
Yes, e.g. to analyze logon problems - see note 495911.
And in addition it's worth mentioning that most events can be configured to trigger CCMS alerts.
Edited by: Wolfgang Janzen on Sep 26, 2009 10:05 PM
‎2009 Sep 27 8:34 AM
> And in addition it's worth mentioning that most events can be configured to trigger CCMS alerts.
Then it is also worth mentioning that one can define reaction methods for all the CCMS alerts...
E.g.:
- Send a mail with some info about events.
- Execute a command to block an IP address for a very specific event.
- Increase the logging level automatically if a threshold is reached.
In addition to standard methods, you can add your own code to make it do almost anything you can imagine to be possible if the event is made known to the log.
Cheers,
Julius
‎2009 Sep 30 11:02 AM
Thanks Julius Bussche (I will remember 2 cents :-)), Wolfgang Janzen, Dipanjan Sanpui...
So as my confusion was... I thought that most of the people do not use it because of performance reasons.
Can you gurus or somebody tell me your experience of whether these tools affect performance, and if yes... have you stopped using them due to that?
Your inputs will decide whether I should recommend using these tools to my current client, and also my opinion about these tools in future... so thanks for replies in advance.
‎2009 Sep 30 11:36 AM
> So as my confusion was... I thought that most of the people do not use it because of performance reasons.
The performance impact is negligible. The only measurable effect I came across was on the file system (the audit log writes flat files); this is easily manageable with regular archiving of the audit log files.
If Audit Logging causes performance issues then the system is undersized and will likely fall over anyway at period close due to the processing being performed.
‎2009 Sep 30 12:52 PM
Performance impact is dependent on the hardware sizing and the daily monitoring activities, together with the backup schedule by the BASIS team.
My experience is: I have seen most clients using this for logging activities of ALL users in the system. In a few other cases, it is restricted to Super and Special users.
Please go through the document: [Security Audit Log|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/2088d9d4-e011-2a10-bba9-90548dbc2d6a&overridelayout=true] (it's a bit old)
Try searching Community with SM20 / SM19 / Security Audit Log search strings.
Regards,
Dipanjan