Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

is there a way to read the security audit log with my abap program?

Former Member
0 Kudos

hi everyone.

i made an abap program in which i need to get user information from the security audit log. is there a way to do this? are there any tables i could read in which the security audit log data is stored? or are there FMs oder BAPIs?

one way would be to make a batch input which calls transaction sm20 and downloads the security audit log data into an excel sheet which i could read with my abap programm but thats way to extensive and insecure...

i hope anyone can help me with this problem.

7 REPLIES 7

Former Member
0 Kudos

Hi,

take a look at Function Group SECU.

Regards

markus

0 Kudos

wow finally.

found them meanwhile by myself:

SECU -> Functiongroups -> SL06

RSAU_SELINFO_INIT

RSAU_READ_FILE

works now with those two functionmodules. still got to do some testing but looks fine until now.

thanks anyway for your help.

0 Kudos

Can you please send/post the code for how u did it.

Regards,

Pushkar

0 Kudos

FORM sm20_append_log.

*just dump this thing on the screen

*it should format the row correctly and do a transfer yay

DATA: sm20data LIKE rsauentr2.

DATA: p1(512),p2(512),p3(512),p4(512),p5(512),p6(512) TYPE c.

DATA: msg(512) TYPE c,varea(2) TYPE c, vsubid(1) TYPE c.

  • now: skip rules:

  • lines with a ':' in pos 3 are log lines

  • lines with a ':' in pos 7 are datum lines.

LOOP AT sm20_tbl.

sm20data = sm20_tbl-centdata.

  • format the message

  • split slgdata in a array separated by &

SPLIT sm20data-slgdata AT '&' INTO p1 p2 p3 p4 p5 p6.

varea = sm20data-slgtype+1(2).

vsubid = sm20data-slgtype+3(1).

SELECT SINGLE txt INTO msg FROM tsl1t

WHERE spras = sy-langu

AND area = varea

AND subid = vsubid.

REPLACE FIRST OCCURRENCE OF '&A' IN msg WITH p1.

REPLACE FIRST OCCURRENCE OF '&B' IN msg WITH p2.

REPLACE FIRST OCCURRENCE OF '&C' IN msg WITH p3.

REPLACE FIRST OCCURRENCE OF '&D' IN msg WITH p4.

REPLACE FIRST OCCURRENCE OF '&E' IN msg WITH p5.

REPLACE FIRST OCCURRENCE OF '&F' IN msg WITH p6.

      • Original Selection:

      • CONCATENATE varea ';' vsubid ';' sm20data-slgdattim ';' sm20data-slguser ';' sm20data-slgtc INTO s1 RESPECTING BLANKS.

      • CONCATENATE '1' s1 ';' sm20data-slgrepna ';' sm20data-slgmand ';' sm20data-slgmode ';' sm20data-slgltrm2 ';' msg space_line INTO s2 RESPECTING BLANKS.

      • fitted selection for my program:

CONCATENATE sm20data-slgdattim6(2) '.' sm20data-slgdattim4(2) '.' sm20data-slgdattim(4) INTO v_datum.

CONCATENATE sm20data-slgdattim8(2) '.' sm20data-slgdattim10(2) '.' sm20data-slgdattim+12(2) '.' INTO v_zeit.

CONCATENATE v_datum ';' v_zeit ';' sm20data-slguser ';' sm20data-slgtc INTO s1 SEPARATED BY space.

CONCATENATE s1 ';' sm20data-slgrepna ';'msg space_line INTO s2 SEPARATED BY space.

wa_auditlog_txt-line = s2.

APPEND wa_auditlog_txt TO it_auditlog_txt.

ENDLOOP.

ENDFORM. "SM20_append_LOG

FORM sm20_read_log USING wa_fftab LIKE LINE OF it_fftab.

DATA: BEGIN OF ta.

INCLUDE STRUCTURE rslgsel.

DATA: END OF ta.

DATA: audit_select LIKE rsausel.

DATA: BEGIN OF audit_file_stat OCCURS 100.

INCLUDE STRUCTURE rsaufinfo.

DATA: END OF audit_file_stat.

  • fill the audit selection - why? who knows... ask SAP.

CALL FUNCTION 'RSAU_SELINFO_INIT'

CHANGING

audit_selection = audit_select.

ta-user = wa_fftab-ffid.

ta-startdate = from_date.

ta-stop_date = to_date.

        • testing

      • ta-user = 'XXX'.

      • ta-startdate = '20091126010000'.

      • ta-stop_date = '20091126150000'.

CALL FUNCTION 'RSAU_READ_FILE' DESTINATION wa_fftab-destination

EXPORTING

selection = ta

selection_audit = audit_select

TABLES

syslog_in_table = sm20_tbl

audit_file_stat = audit_file_stat.

ENDFORM. "SM20_READ_LOG

0 Kudos

why the hell cant i post the text as code Oo

0 Kudos

It is because your code is too long...

Try:

SUBMIT 'RSAU_READ_AUDITLOG_EXTERNAL' USING ...

... or other variants of the same. The program is a demo.

Cheers,

Julius

Former Member
0 Kudos

Hello Rafe;

I think you can do a thing;

run transaction SM20 and get the security audit record in ALV output format and just press F1 over the field you want to get the technical information of and purse down the table name for the field; then get into the table or design your own program with customize settings..

Hope that will gonna help you .

Kind Regards,

Zahack