Lukardi

Webinar: Jak autoryzacje w ECC wpływają na koszty licencji w S/4 Rise with SAP  

SECURITY AUDIT LOG (SAL) - Is it Necessary?

Share

Yes..., yes... If you are an SAP user and have, let's say, unspecified intentions... then you can ask such a question.

Jokes aside. The function in question is, let's emphasize, important. In addition - useful.
In critical situations it can save our skin, bringing various "investigations" to a happy ending.

Security

Who will benefit from this? Employers, employees... no, not you the user in the first paragraph.
You would like the SAL to be turned off.

SAL will ensure system security only if it is configured correctly (SM19/RSAU_CONFIG). AND looked after (SM20/RSAU_READ_LOG), and if access to it will be strictly limited and controlled. Both the Basis department and security key users (auditors) have something to say at the configuration.

The following table shows in simple terms who is responsible for what.

Often, security audit topics are referred to the Basis team, which will not always answer all the questions and spread their hands, since the system log reveals events concerning the database, terminal connections, etc. With SAL, on the other hand, we are able to reconstruct a sequence of events from a security perspective that the system log will not show, because SAL supplements system log.

Monitoring

As we have already mentioned security logs should be looked after. In other words, perform regular analysis. One method is to receive real-time notifications of security incidents using CCMS (Computing Center Management System). Another method is to periodically review the security reports generated in the SM20/RSAU_READ_LOG transaction. There's no denying it: this is a tedious and monotonous process, but its criticality tips the scales to perform it.

Summary

In two words, what, for example, might we not notice without having a SAL running? Outflow of goods. Whether material or information. Manipulation. Harmful actions. What more to write here? Nothing, just implement SAL.

Useful notes

539404 - FAQ: Answers to questions about the Security Audit Log

1497445 - SAL | Logging of IP address instead of terminal name

2191612 - FAQ | Use of Security Audit Log as of SAP NetWeaver 7.50

2546993 - Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20

We Manage the Digital Transformation of Your Business

Do you want to secure your business from cyberattacks? Or are you planning a digital transformation or looking for IT specialists for a project? We'd be happy to help. We are here for you. Let's talk about professional IT services for your business.

Tomasz Jurgielewicz

Head of Security Department at Lukardi. For the past 10 years, he has led a team of SAP Security specialists, providing comprehensive services and tools to secure SAP systems and optimize licenses. Experience in the areas of: - identification of authorization conflicts and authorization reorganization, - identification of SAP vulnerabilities, - integration of SIEM solutions with SAP, - optimization of SAP licenses.