cancel
Showing results for 
Search instead for 
Did you mean: 

Security Audit Log - Local IP/System Name

gurubalan
Participant
0 Kudos
618

Hello All,

As an SAP security consultant, I'm working on SAP S/4Hana Public Cloud product. One of our clients requires the ability to identify the user responsible for a specific transaction within the system at a particular time by tracing the Local IP and System name. However, the "Display security Audit Log" tile only displays the Public IP under the terminal.

i.e. I've used "MIGO" transaction & maintained the mandatory field. But system not showing the Local IP and machine name. Is there any other option to check that ?

Accepted Solutions (1)

Accepted Solutions (1)

Jerry_Lowery
Product and Topic Expert
Product and Topic Expert

Hi Guru,

Could you clarify what you mean by "Local IP"? I assume you mean the laptop/PC you are using to access the system?

For example, if I display my own activity, the Terminal IP address matches the one from my laptop. However, in this case I am on my company VPN. If disconnect from my VPN, I get the public address of my internet provider in the Terminal.

Which I think it makes. For example, if I am, say working from home, connected to my internet through my personal router, the IP address would likely be like 192.168.x.x (or a better local address...). Which, from an access in the system is not at trackable or would possibly look like another employee's IP from their own personal router.

The machine name is not available in this audit log, as far as I am aware.

If you want to be more restrictive and, say, allow access to the system from only terminals already on your VPN or from a certain IP range, I believe you could make that configuration in your IAS (however, i am not an IAS expert) or whatever authentication service you are using:

Thank you

Jerry

Answers (1)

Answers (1)

Gabriel_Gomez
Product and Topic Expert
Product and Topic Expert

Hello gurubalan,

May I suggest you to fill your requirement looking by User ID instead of Local IP and Machine Name?

If you use the App Display Security Audit Log, tracing the User ID and Timestamp looks like something useful for your scenario, as a suggestion export the events to a spreadsheet and narrow down your search in the Event Message Text column by the word "Transaction".

Hope this can help you a little bit.

Gabriel