SAP DDIC Weird Activity. Hi, Use sm35 for batch or sm36 for background jobs. Hello, We are tryed see the Events of Audit Log, but the system display the following messages: NOTE: This process was working ok a month ago. it says that the user is trying to change the SY-SUBRC of program LSTR9U03 – same as in sm20 output too. From the initial screen, go to System Log -> Choose -> All remote system logs. Once that is done, view the analysis using SM20/SM20N. 3 ; SAP enhancement package 2 for SAP NetWeaver 7. 0 1 774. 3: The URL is searched, then the form specification, and then the cookie. Now I want to know that person's. It having following profile parameters ""rsau/enable Enable Security Audit 0"". By activating the audit log, you keep a. SM21 ( SAP System Log ) : The SAP System logs all system errors, warnings, user locks due to failed logon attempts from known users, and process messages in the system log. The Security Audit Log is a tool designed to be used by the auditors to monitor the activities in the SAP System. According to DIN EN ISO 9000, this is a systematic, independent, and documented process used to obtain audit results and to evaluate these results objectively in order to determine to what extent the criteria of audit have been fulfilled. Where as able to get other information except that particular user. Regards, sudheer. For getting the Entries i would like to Execute the above function module. SM20 is a SAP tcode coming under BC module and SAP_BASIS component. 1 - Firefighter Session Details Audit Log Report. Using SM20 in such case can bring a result like: Even though there are SAL entries recorded in the files. 次回はSAPの. 2, logs were returned on that particular date. 3) SM20 : Result Empty. Select the appropriate radio button under Expiry Date. Learn how to use transaction SM21 to monitor and troubleshoot SAP system logs in this online help document. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. Moreover, it's better to use new transaction RSAU_CONFIG than SM18 and likewise RSAU_READ_LOG instead of SM20/RSAU_SELECT_EVENTS. Hello All, I would like to know what are all the DB tables which are obsolete in S/4 HANA. EXCEPTIONS. 2) SM19. The authorization to print obviously would depend on the objects related to spool as has been mentioned in the earlier replies. The control to mitigate this risk could be the Security Audit Log and the adoption of a control procedure of the instrument’s output. After upgrade to S/4 HANA, even audit log has been activated# SM20 does not show audit log or just few logs with priority "Very Critical". This field captures the Terminal/IP-address of the system in. I've found an article bu interested to understand if. The recorded events provide information useful for monitoring changes to the SAP system or for tracking a series of events. 1. . Hi, I would like to create an audit log / audit report analysis in background. I would like to know that an SSO2 ticket was used to authenticate the user. Successful and unsuccessful transaction and report start. Jun 16, 2009 at 08:16 PM. Consolidated Log report. . 5) Occasionally you will use SM18 to free up space of old logs by either deleting them or archiving them to tape. usage of SM18, SM19, SM20. Follow. You can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. Choose Execute. Per default, the system suggests a name for all technical users required. Also check that a variant has not been set or changed. I tried to check action configuration but could not find the right way to do it. Please refer SAP Notes: 2191612 - FAQ | Use of. This log is a tool designed for auditors who need to take a detailed look at what occurs in the AS ABAP system. It have the following hosts and instances: Host A: ASCS01. Number of filters to allow for the security audit log. SM20: Security Audit Logs Analysis. One such TCode is SM20, which provides access to Analysis of Security Audit Log SAP screen functionality within R/3 SAP (Or S/4HANA) systems, depending on your version and release level. I have been asked to get a report of all transactions started by all users since the beginning of the month. SM20 tcode used for : Analysis of Security Audit Log. One user One ID. Relevancy Factor: 10. • Audit class (for example, dialog logon attempts or changes to user master records) • Weight of event (for example, critical or. The Session Manager is a graphical navigation interface that enables you to manage the sessions of one or more SAP systems and several clients. 1. You will find detailed explanations of the system log functions, features, and settings, as well as examples and tips for best practices. The reason why we cannot rely on SM20 audit log for logon or logoff is. Hi Patricio armendariz. In a few cases I use an ABAP trial system to experiment. Technically, you can use either a Firefighter ID (a dedicated user identity with elevated. Multiple. Click to access the full version on SAP for Me (Login required). The first server in the list is typically the host to which you are. Jun 30, 2015 at 07:34 PM. 51 for SAP S/4HANA 1610 ; SAP enhancement. Click more to access the full version on SAP for Me (Login required). STEP 2: Moving different materials into the new handling unit. ETM’s method for compression typically achieves 98% of log volume reduction. For selection criteria I have the date range of 07/01/2009 / 00:00:00 through 07/27/2009 / 23:59:59 selected. Hint: Using sap note 1970644 you can get report RSAU_INFO_SYAG,. SAP Transaction Code SM20 (Analysis of Security Audit Log) - SAP TCodes - The Best Online SAP Transaction Code Analytics BC SAP_BASIS SM28 Installation Check BC. SAP Notes 495911, 171805 will help you further. into Splunk by mapping the message IDs to details which the SAP system would provide as well if you review the logs in SAP transaction SM20. last updated: 2023-07-10 Introduction The article explains the SAP GUI – TCODE (Transaction Code): SM21 usage in details. アプリケーション開発チームから、利用頻度の高いトランザクションやレポートプログラムを. I have activated static and dynamic filters and I have given all permissions for the sub folders How can I get user data from O/S level and I want to. However logs are generating at OS level. The selection inputs I'm passing in are the standard options displayed in screen 300 and the subscreen on the main screen. SM20 cannot show clearly if a users has performed PO related. Hi All, I am trying to understand RSAU_READ_LOG report. Start Analysis of Security Audit Log (transaction SM20). More Information. The sizing procedure helps customers to determine the correct resources required by an application. The audit files are located in the individual application servers. An audit is modeled in SAP Audit Management as a named auditing. I'm reading the SM20 data from SAP by using the FM "BAPI_SYSTEM_MTE_GETMLHIS". Now suppose the requirement is to get the Table that stores the Field of all Standard Tables. Transaction SE38 and provide the program name RSSTAT26 as in screen. HTTP 401 (Unauthorized) errors can have many reasons in an integration environment specially, if the calls are coming from an external system, example a cloud system. There is no difference between SCU3 or OY18, you can display the change documents of the tables using the tcodes, they both run the same program. In such case, the configuration is not correct. I am turning on my SAP security audit log. You can use the transaction code SE16 to view the data in this table, and SE11 TCode for the table. "miss: TSL1T (J,Q0M)" のようなメッセージが SM21 または. If you can defines positive and negative filters for user groups (see note 2285879) then you can create filters for user groups like SUPER instead. These actions are always audited and recorded. Understood. Hello, In SM20 we have a lot of alerts RFC/CPIC logon failed, reason=24, type=R, method=T user sapsys, client 000, program SAPMSSY1 , that are generating very often, every hour we have 2, 3 alerts. SAP Access Control 12. I am unable to do so in 46C environment. Via fully auditable workflows in the ‘Access Request Service’ of SAP Cloud Identity Access Governance, users in SAP S/4HANA Cloud for advanced financial closing can initiate self-service access requests for user. • SAP System client. The audit analysis report produced by. Follow. The purpose of this Blog post is to demonstrate how text entered. Use the SAP Tcode SM19 for Security Audit Configuration. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. New checks. SM20 Logs in SAP S/4HANA Cloud. With SAP Fiori front-end server 2020 for SAP S/4HANA there is a new concept to structure the content on the SAP Fiori launchpad: Spaces and Pages. Transactions STAD, SM19, SM20 SAP security audit log setup 1. 2 ; SAP NetWeaver 7. But this will show the details of logged on users. export, excel, spreadsheet, local file, text with tabs, sichern, lokale Datei. Start Analysis of Security Audit Log (transaction SM20). When you call SM04 and choose "Goto -> Memory", the system displays the memory that is allocated for each user; the bottom line specifies the total memory requirement for all users. The also have AUDD and AUDA in S_ADMI_FCD. Product. Normally only customizing tables should have the logging flag. Logging off Idle UsersActivate the SAP Security Audit Log. Go to Transaction Code ST05 and activate Trace for your SAP User Id. 2 SPS 7 is based on SAP NetWeaver 7. SAP System Logging (SM21) We use cookies and similar technologies to give you a better experience, improve performance, analyze traffic, and to personalize content. In the subject you mention authorization object for "print preview" and in the decription you mention "restricting the print". We will set out the approach to adopt for 5 critical SoD conflicts you should prevent in your company. Recommended Settings for the Security Audit Log (SM19 / SM20) This blog had started to give recommendations about settings for the Security Audit Log, but. Potential Use Cases. You need to set the parameter rec/client = ALL in the DEFAULT profile. Note. 様々な条件でレポートを出力できるように. . Also looking at the output of SM20 the data includes the user entering a specific transaction but not what they do within the. Transaction code SM 20. The main objectives of the audit log are: Monitoring changes in security administrator of SAP system. cheked in sm19 all activities were active. Employee Master Tables. As of Release 4. Introduction The Security Audit Log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP system. I've got the following task to fulfil: I'd like to periodically save the evaluation of the Security Audit Log/transaction SM20 to a defined location (OS basis would be ok), ideally with a timestamp as the filename. 👉🏿back to blog series or to GitHub repos Dear community, There are various problematic attack vectors for SAP backends, but one is more prominent than others: SAP Audit Log deactivation ☠️. RSS Feed. For instance, you can add system ID and client of the target system in question to your users, such as SM<SourceSystemID><TargetSystemID><Client>. 1 ; SAP NetWeaver 7. Uday Kiran. SM20 / RSAU_READ_LOG) | SAP Blogs Relevancy Factor: 2. 0 ; SAP enhancement package 1 for SAP NetWeaver 7. The following services should be logged and, ideally, proactively monitored for suspicious activity: Ensure SAP Gateway logging is configured. SAP Transaction Code SM20 (Analysis of Security Audit Log) - SAP TCodes - The Best Online SAP Transaction Code Analytics BC SAP_BASIS SM28 Installation Check BC-ABA-LA BC SAP_BASIS SM29 Model Transfer for Tables BC-CTS-CCO BC SAP_BASIS SM30 Call View Maintenance BC-CUS-TOL-TME BC SAP_BASIS SM30VSNCSYSACL Start Analysis of Security Audit Log (transaction SM20). I have try SLG2 with option delete before expiration date but nothing list as in SM20. D:usrsapp01dvebmgs00log . There is a possibility of monitoring program behavior through the SAP Security Audit (SM20). Search for additional results. 1. . Rakesh. At-least suggest me how to find them. Please advise and thaIn SAP S/4HANA on premise, transaction SM20 / rsau_read_log can be used to check if the security audit log is adequately enabled and configured to log security critical activities of users. SM20. RSS Feed. This log is a tool designed for auditors who need to take a detailed look at what occurs in the AS ABAP system. SAP migration overview : As the Greek philosopher, Heraclitus, said: “change is the only constant. 10 characters required. Now I want to know the table name for Users, Login time and Log out. One or more of DP_SOFTCANCEL exceptions below are visible in the corresponding trace files in the SAP System's directory (dev_disp, dev_w*, etc. please explain the usage of transaction codes SM18, SM19, SM20 in SAP, for audit. Search for Tcode. however I couldn't read the audit log from SM20. Run transaction code SE38/SA38/SE80/SE90 or any other report execution t-codes. SAP Security Audit can track not only user activity but also program activity. SAMT: Information and Results for ABAP/4 Mass Tests. Profile Parameter Definition Standard or Default Value; rsau/enable. These can be helpful when analyzing issues. 0. The first server in the list is typically the host to which you are currently connected. Analysis and Auto-Reaction Methods. Sm20 Transaction Codes List. 1. About this page This is a preview of a SAP Knowledge Base Article. Use the transaction SLG0 to define entries for your own applications in the application log. Enter SAP#*. Indeed i am looking for coloring the particular cell as you mentioned above , passing values to it_excel . You can read the log using the transaction SM20. The SAP Solution Manager is focussed on the technical integration of applications, Software Change Management, and, above all, monitoring the most important business processes of the customer. It depends on the retention period which is set for these tcodes I am afraid wthr 1 year old data can be pulled out using these monitoring tcodes. 1. 0. Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter. The difference is, that the scripts can be controlled by the user; there is no need to have an SAP report to insert the data. Select “Packing”. I am expecting to get a result that is equal with the settings configured in RSAU_CONFIG under Static. It monitors and logs user activity information such as: . Go to Transaction Code ST05 and activate Trace for your SAP User Id. Table maintenance is for creating, adding data to an existing table. The data and metrics are used by other subsystems in SAP Landscape Management such as dashboards, and alerts. SUIM --> User Information System --> User --> By Logon Date and Password Change. Cheers, Gerald. SM18 - to delete old Security logs. I'm pretty new to SAP, so please be kind. The SAP System logs is the all system errors, warnings, user locks due to failed log on attempts from known users, and process messages in the system log. 0, version for SAP BW/4HANA Keywords. Client - This field is mandatory and is used to filter on a specific client of the SAP system that is noted within the security audit log. - Current DB size is about 90GB with about. With the appropriate SM19 settings you can use SM20 to perform analysis once the data is collected. The layout and content structure defined via spaces and pages can be reused for different user roles, while the tiles/apps which are actually shown on the on a page depend on the catalog. SM35 (Batch Input Monitoring) TCode in SAP. It is not possible have a single file and multiple files, using a specific FN_AUDIT value. This information is recorded on a daily basis in. AUT10 is a transaction code in SAP LO application with the description — Evaluation of Audit Trail. RSS Feed. View some details about SM20 tcode in SAP. Can SM20 security logs be activated only for specific id's. Secondly with the help of SAP All Profile a user can perform all as SAP all it. - I've checked the BDC 'Call Transaction' approach, but I've just found out that it wouldn't return the list of data to me as well (as this isn't what the BDC 'Call Transaction' is built to do). The SAP Fiori applications are based on the USER INTERFACE TECHNOLOGY software component (SAP_UI). To show log entries in for user 'SAP*' only, filter by 'SAP#*' in SM20 or use report RSAU_SELECT_EVENTS instead. You now have the option to filter message. Visit SAP Support Portal's SAP Notes and KBA Search. Automate Audit Trail Report. It have the following hosts and instances: Host A: ASCS01 and DVEBMGS00 Report ZSM04000_SNC shows a cross-client list about users, their terminals, the connection type and the SNC status. The program GRAC_EAM_LOG_SYNC_TIMEBASED was also extecuted but still, log is not showing up in the FireVisit SAP Support Portal's SAP Notes and KBA Search. It is not clear how information in fields Execution Count and Last Executed On is calculated. Activate Transaction SM19 and Transaction SM20 logging; 2. But if the password lock happens within minutes, then STAD will be faster -> select the user -> you will see a step recorded in program SAPMSYST -> double-click it -> click on the hotspot "RFC" at the top and there you can see the connection details and the host names from the caller. lock occurrence frequently , KBA , BC-SEC. Enter SAP#*. I am unable to do so in 46C environment. Audit log settings overview. This way, allocated memory will be released after leaving the transaction. RFC/CPIC Logon Failed, Reason = 1, Type = F The user listed is SAPSYS (client 000. I have noticed that some consultants are used to load lots of SAL files at once in SM20 (e. Press F7 to go back to the main menu screen. Using these SAP tools not only enhances the overall performance and security of SAP systems but also contributes to maintaining a well-functioning environment in line. The left side displays the host servers of the AS ABAP. ABAP System. but still if as Security audit log is required is there any way to get the log from SAP from any of the standard report, program or table. C, to get more details on the root cause, but so far, have found nothing. The audit files are located in the individual application servers. I understand best practice says to lock DDIC but because it is used for so many automated jobs the Basis group has not had the time to evaluate and simply pulling the plug could have downstream implications that. empty_list = 1. SM20 is a SAP tcode coming under BC module and SAP_BASIS component. Please note that certain sensitive data has been blocked out in the above screenshots to protect the integrity and security of. SAP System Logging (SM21) This site uses cookies and related technologies, as described in our privacy statement , for purposes that may include site operation, analytics, enhanced user experience, or advertising. In transaction SCC4, you have selected the option "Changes w/o automatic recording, no transports allowed" When you edit a repository object in the client, you are still prompted to record the changes in a Transport RequestThe archiving of IDocs leads to a dump with the message TSV_TNEW_PAGE_ALLOC_FAILED. IF sy-subrc <> 0. We run the SM20 audit log reports each month for DDIC activity when its associated with a terminal name. Audit log SM20 Not Activate After Reset. On transaction SUIM there is an option to find the last logon information of an user. DDIC User locked. It will raise a TR generate that tr and TRansaport the same into othe environments as per the requirement . Style: ZMOBSAPUI5. This is a preview of a SAP Knowledge Base Article. Notes:-. Goto. 0, you can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. Basis - DB-Independent Database Interface. Environment. By default, log retention is automatically activated for 18 months. By activating the audit log, you keep a. The two transactions display the memory consumption from different points of view; furthermore, different terms are used for the same thing. Variant 3: External operating system command The third variant does not use the SAP kernel to delete the file, but rather an OS command (in the following example we’ll use the Unix/Linux rm command). comment and advice will be highly appreciated. Using Security Audit Log. For the message you cite, the user or an administrator has cancelled one of the sessions for user KRUDD. The Security Audit Log - SAP Help Portal. ST03N : SAP User Login History. Transaction code SM21 is used to check and analyze system logs for any critical log entries. Terminates all separate sessions and logs off immediately (without any warning!). The Security Audit Log. For Web-based logon procedures as in our case, the selection can be restricted to report SAPMHTTP (this selection screen is dependent on NetWeaver. More Information. User logon information, identity theft attempts. 3) SM20 : Result Empty. List of SAP SM* Transaction Codes. Then execute the report. May be this is a repeat question for this forum. I have to extract log for more than 100 users by using SM20 log. Common perception about switching on SAP security audit logs (also referred as SM19 or SM20 logs) is as follows: On a reasonably-sized ERP system they will fill up a lot of disk space. 言語 JA (日本語) でログオンした際に、以下のように SM19 において一部のメッセージテキストが表示されません。. In this regard I used SM20 transaction code and calculate time using Logon Successful time and User Log off time data. The Security Audit Log produces an audit analysis report that contains the audited activities. The field SSFCOMPOP-TDIEXIT will Immediately exit after printing/faxing from the print preview, the user has no chance to close the print preview window after clicking the print button. Is there any other procedure is there in sap to check and trace the user details. SM21 as per sap docs is the system logs that logs all the system errors, warnings, user locks due to failed logon attempts from known users etc. SAP TCode: SM18 - Reorganize Security Audit Log. You can use the below function module to get the details from the system. Hello. Following screen will appear. check the file list using. SAP left it to each company to configure whatever they deem appropriate. To create the change audit report Go to Action Search –> Change audit report. One such TCode is SM20, which provides access to Analysis of Security Audit Log SAP screen functionality within R/3 SAP (Or S/4HANA) systems, depending on your version and release level. The transaction field is not set correctly for all log entries of type AU3/AU4 written by the SAP kernel. It is very important to know which are the Transaction Codes that are replaced with new Transaction Codes. I have run t-code SM20 and AUT10 for the same purpose but it is showing no data available for the transaction code. Country Key Tables. My system landscape. WhatSAP Community Thu, 12 Jan 2023 13:47:36 +0000 hourly 1We would like to show you a description here but the site won’t allow us. Steps. Search for additional results. Click more to access the full version on SAP for Me (Login required). This means that Firefighter session could be started from the plugin system itself without the need to access the GRC Box. Appreciate your advise. SAP Audit Management for SAP S/4HANA provides an end-to-end audit management solution that can be used to build audit plans, prepare audits, analyze relevant information, document result, form an audit opinion, communicate results, and monitor progress. If you need to trace the activities of aSAP TCode : SM19 - Security Audit Configuration. Select servers to include in the analysis. However, to maintain the integrity of the audit policies, SAP configured HANA with specific actions that are monitored by default. Logging and Monitoring enable earlier detection of any weaknesses or vulnerabilities in the SAP system as the administrator can pro-actively monitor security-related activities, address any security problems that may arise and enforce security policies appropriately. In SM20 we can see that one RFC destination got deleted by t-code "/GRC". Visit SAP Support Portal's SAP Notes and KBA Search. Otherwise you can find the values using the SAP Fiori App Reference Library – you have to lookup the values in the target mapping of the section configuration at the implementation information for you desired app. Further help from the community can be found here: Analytic Designer Q&A. this is especially true with an ID having access to Tx SCC4 and other important System Tx. There are multiple types of runtime errors that we encounter. Another difference is, that the existence of dynpro elements can be checked. i wanna check my logs & wanna delete it. I know that log captures data from transaction SM20. By I cannot see the terminal name. Methods which can be used to generate runtime dump: collecting via HANA Studio from os level via fullSystemInfoDump. Now I want to know the table name for Users, Login time and Log. This is a preview of a SAP Knowledge Base Article. The defined selections can then be reused in consolidation-related settings, such as validation rules, reclassification methods, currency translation (CT) methods, and breakdown categories. Having the SAP specific annotation is very easy when you are using native. When reading that I can see the SM20 date and timestamp, transaction, user, etc. Under audit classes I only have "transaction start" checked. As of Release 4. This is the respective entry recorded in SM21. In SAP ECC, there is a transaction code SM20 which can list out the reports or transaction codes users have run for a period. BC - Security. Concepts and Security Model. Dear All, I want to activate security audit logs on my production and development servers. By activating the audit log, you keep a record of those activities you consider relevant for auditing. For Read user, TMW user, and Back user, you can adapt user names as required by your company and for the purpose of uniqueness. Sm20 Audit Log Tabl Database Tables in SAP (30 Tables)In our SM20 security audit log, we are getting the following error every 5 minutes. Finally SAP has provided De-centralized firefighting feature in GRC 10. GRC provides six reports specifically for EAM, e. From the initial screen, go to System Log -> Choose -> All remote system logs. Audit Trail Transaction Codes in SAP (62 TCodes) Login; Become a Premium Member; SAP TCodes; SAP Tables; SAP Table Fields; SAP Glossary Search; SAP FMs; SAP ABAP Reports; SAP BW Datasources;. As Basis administrator, you would like to trace all the activities of certain login and this can be achieve with the TCODE: SM20. The difference between SM21 and SM20 logs in SAP is being inquired by your team. Internal ID ( This id stands for , if user opens the multiple session in same login) 4. A New Home in New Year for SAP Community: Exciting times ahead for the SAP Community! Not yet a member on the new home? Join today and start participating in the discussions! Read about the migration and join SAP Community Groups! Home;. This site uses cookies and related technologies, as described in our privacy statement, for purposes that may include site operation, analytics, enhanced user experience, or advertising. Yes, thats correct. XI7 , KBA , BC-CCM-MON-SLG , SAP System Log , How To . Do we have any app to get user logs here ? Like we use SM20 in the on-premise system. 0, you can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. Delete session, reason DP_SOFTCANCEL. You can use the Session Manager to generate company-specific menus and create user-specific menus. however, I can see the audit data in local server directory as below: I had try to restart but still having same problem. In this example I want to Find the Table that stores EKKO Table field as a matter of fact any table fields. g. How to enable Security Audit Logging on all SAP transactional systems (SM19/20). 3. The right side offers the section criteria for the evaluation process. When reconciling the SM20 logs and the Consolidated Log Report entries, there are log entries in the SM20 log that are not captured in the log report, such as the following entries below. Audit: Slot 1: Class 191, Severity 2, User USER1, Client 200, Audit: Slot 2: Class 191, Severity 2, User USER2 , Client. << Moderator message - Everyone's problem is important. Alert Moderator. This Note documents what information is captured in the Emergency Access Management (SPM ) Consolidated Log Report. - Profile/Filter: 2 Selection by profile AUDIT/filter 002. Audit. This Audit Log data saves into files. 0 Keywords Action Usage by User, Role and Profile, timestamp, last executed, , KBA , GRC-SAC-EAM , Emergency Access Management , ProblemSM20, SAPMSSYC Logon successful (type=E, method=A ), Security Audit Log , KBA , BC-ABA-LA , Syntax, Compiler, Runtime , BC-SEC , Security - Read KBA 2985997 for subcomponents , BC-SEC-SAL , Security Audit Log , Problem. and use class CL_ITS_GENERATE_HTML_MOBILE4 as the superclass. Visit SAP Support Portal's SAP Notes and KBA Search. e. SAP has recommend archiving your audit files on a regular basis and deleting the original files as necessary. Read more. Able to identify transaction used in st03 for that user. 5 ; SAP enhancement package 1 for SAP NetWeaver 7. e. Basis - Syntax, Compiler, Runtime. Defines the directory and name of audit log file. You can delete old logs with the transaction SM18. This has zoom enabled. 78 Views. How updation of change log is done in SAP: The change log of delivery header is updated through CDHDR and CDPOS tables. bitella via sap-r3-security" wrote: > > > I am looking for a way to run in background the theHello Guru: I can display list on Audit Log on SM20.