6\VWHP $GPLQLVWUDWLRQ 0DGH (DV\

Chapter 11: Security AdministrationAudit Tools5. Documentation for the message andtechnical details are revealed. Thisscreen is most useful whendisplaying negative messages such asfailed logins or locked transactions.The audit log parameters are the criteria used to write the types of audit messages into theaudit log file. The parameters are grouped into audit profiles that can be activated at thenext system startup (configuration status) or applied “on the fly” (dynamic configuration).Audit profiles need to be first created before audit logs can be written. These profiles limitthe amount and type of data written into the security audit files, which makes thesubsequent security reports more meaningful to the administrator.Decide what to audit and set selection criteria at the database level or dynamically at theapplication server level: If the audit configuration is permanently stored at the database level, all applicationservers use the identical criteria to save events in the audit log.The settings take effect at the next application server start. At the application server level, however, dynamic changes can be set to individualapplication servers and distributed to the entire system.The new criteria will remain in effect until the server is brought down.You can define up to 5 sets of selection criteria or filters. The system parameter,rsau/selection_slots (that defines the number of filters has a default value of 2). You canactivate an audit in the dynamic configuration using transaction SM19.System Administration Made Easy11–47