1 ; SAP NetWeaver 7. "No data was found the server". Transaction SM20 is. System Log: capture debug and replace information from Tcode SM21. This is a preview of a SAP Knowledge Base Article. We run the SM20 audit log reports each month for DDIC activity when its associated with a terminal name. (1 important user ID got deleted. it says that the user is trying to change the SY-SUBRC of program LSTR9U03 – same as in sm20 output too. Now I want to know the table name for Users, Login time and Log out. With the old version of Kernel, all the details of RFC failures will not be logged in SM20. I understand best practice says to lock DDIC but because it is used for so many automated jobs the Basis group has not had the time to evaluate and simply pulling the plug could have downstream implications that. Here’s an example without IP addresses and without terminal names: Limitation: the report shows current sessions only. Relevancy Factor: 10. Analysis and Recommended Settings of the Security Audit. Create and activate the audit profile in SM19. Automate Audit Trail Report. Notes:-. this is especially true with an ID having access to Tx SCC4 and other important System Tx. Relevancy Factor: 100. SAP Security Audit can track not only user activity but also program activity. Transaction SM20 is used to see the Audit log . Analysis and Recommended Settings of the Security Audit Log (SM19 / RSAU_CONFIG, SM20 / RSAU_READ_LOG) This document was generated from the. Now I want to know the table name for Users, Login time and Log. As of Release 4. i wanna check my logs & wanna delete it. Based on keywords in the short dump SAP will look for known solution correction notes. The name of the file is usually SLOG<inr>, where <inr> is the instance number. You will get more details about each transaction code by clicking on the tcode name. It comes under the package SECU. 3 SP1 and above; Web Intelligence (WebI) Bics Connections to BWSap Sm20 Tables Most important Database Tables for Sap Sm20 # TABLE Description Application Table Type; 1 : CDPOS: Change document items BC - Change Documents: Transparent Table 2 : BDCMSGCOLL: Collecting messages in the sap System 700 - UI Services: Structure 3 : RFCDES: Destination table for Remote Function CallSAP enhancement package 5 for SAP ERP 6. This has zoom enabled. 1. In this example I want to Find the Table that stores EKKO Table field as a matter of fact any table fields. Use the transaction SLG0 to define entries for your own applications in the application log. Take a look into transaction RZ20 (the CCMS alerts) where you can centrally monitor such stuff and define threadholds and reaction methods. The difference is, that the scripts can be controlled by the user; there is no need to have an SAP report to insert the data. You can use the below function module to get the details from the system. I tried to check action configuration but could not find the right way to do it. 3) All the detail activities of the particular login will be shown. Select servers to include in the analysis. Thanks in advance. Click to access the full version on SAP for Me (Login required). I know that log captures data from transaction SM20. By activating the audit log, you keep a. For security administrators that need to extract SAP audit logs continuously for upload into a third-party analytical system like SIEM or Splunk. Click on system from menu bar. General selection conditions. Read more. i have one requirement I need to Get the Entries from the Function module. This Note documents what information is captured in the Emergency Access Management (SPM ) Consolidated Log Report. rsau/user_selection. Can SM20 security logs be activated only for specific id's. SAP Notes 495911, 171805 will help you further. You can create change audit report for the following. For Web-based logon procedures as in our case, the selection can be restricted to report SAPMHTTP (this selection screen is dependent on NetWeaver. 0 (audit log is not activated)Enhancement. SM20 / RSAU_READ_LOG) | SAP Blogs Relevancy Factor: 2. . As I told you only adding aggregates always keyword solved all my problems. The log of the local instance for a maximun of the last two hours is displayed by default. HTTP 401 (Unauthorized) errors can have many reasons in an integration environment specially, if the calls are coming from an external system, example a cloud system. Program : SAPMSM20. 3) SM20 : Result Empty. There is requirement to schedule SM18 or RSAU_ADMIN as a background job to admin the Security Audit Log file automatically. The same applies for all communication logs if an ABAP server is shut down. In the subject you mention authorization object for "print preview" and in the decription you mention "restricting the print". g. Able to identify transaction used in st03 for that user. Hi - Transaction code SM04 will give you the terminal name from where the user is connected to the SAP system. 1. The logs are deleted from the database. 3) Click "Yes". On transaction SUIM there is an option to find the last logon information of an user. . View some details about SM20 tcode in SAP. list_index_invalid = 2. This event could be used in the following scenarios:. By using the audit analysis report you can analyze events that have occurred and have been recorded on a local server, a remote server, or all of the servers in the SAP System. 4 ; SAP NetWeaver 7. Activates the audit log on an application server. When I select below combination: - Selection Type: 3 Selection by profile/filter. I can see the files on the operating system though. in your case it is 10M you can change this parameter using RZ10 ( restart of SAP server required) SM20 only read audit_yyyymmdd. The following example issues (the list is not exhaustive) are reported in the system: SAP ID/User locked often. When you run SM20 in SAP these texts are mapped dynamically and you can read the log in the SAP-gui. Today I want to test the Security Audit Log to monitor RFC calls, but the analysis of Security Audit Log (SM20) doesn’t work on the trial system. Is it possible to enable Security Audit loging for a specific set of transactions or if all transactions need to be logged? Activate the user/users you want to monitor in SM19. Hope it help you. The system does not delete or overwrite audit files from previous days, it keeps them until you manually delete them. Table maintenance is for creating, adding data to an existing table. "No data was found the server". Transaction code SM 20. 24. Enable SAP message server logging. I think, it comes from some sort of RFC logons, may be from external systems. log Records of Table Changes. SAP Transaction Code SM20 (Analysis of Security Audit Log) - SAP TCodes - The Best Online SAP Transaction Code Analytics BC SAP_BASIS SM28 Installation Check BC. SAP System Logging (SM21) This site uses cookies and related technologies, as described in our privacy statement , for purposes that may include site operation, analytics, enhanced user experience, or advertising. In SM20 after filling in the prerequisite fields and selecting the time frame, you will have to extract the audit log as shown in the screenshot below. The Security Audit Log - SAP Help Portal. SM20. You may choose to manage your own preferences. The data and metrics are used by other subsystems in SAP Landscape Management such as dashboards, and alerts. . You can specify the following information in the filters: • User. Select ‘XS Project’. Anyone have any suggestions please to activate automatically when you upload in the instance of SAP?Sm20 Tables Database Tables in SAP (38 Tables) Login; Become a Premium Member; SAP TCodes; SAP Tables; SAP Table Fields; SAP Glossary Search; SAP FMs; SAP ABAP Reports; SAP BW Datasources;. However when I schedule it as background job, it failed. The events to be logged are defined in the Security Audit Log’s configuration. When running a program the message "Not enough shared objects memory exists" is raised. conf" and "props. Click more to access the full version on SAP for Me (Login required). Following screen will appear –. If the configuration is not active or has an unclean state, there is a risk in the form of security breaches due to. At Operating System level, it is desired to read logs from the Security Audit logs (SM20 or RSAU_READ_LOGS). --- "giulio. T. The most used method to retrieve SAP User login history is using the standard SAP Transaction Code ST03N. Hi, I am trying to extract the underlying data which is used by the SAPMSM20 program to provide audit information. Sounds like your SM19 filters are set differently on the app server instances. Transaction logs: capture from STAD. - Both servers are using Windows 2008 R2 (Enterprise) with MS SQL Server 2008 R2. 0 Keywords. Security Audit Log, SM18, SM19, SM20, RSAU_CONFIG, RSAU_READ_LOG, RSAU_READ_ARC, RSAU_ADMIN, SAL , KBA , BC-SEC-SAL , Security Audit Log , How To About this page This is a preview of a SAP Knowledge Base Article. SM20 tcode used for : Analysis of Security Audit Log. /o. 3: The URL is searched, then the form specification, and then the cookie. 21 SP 321), we have introduced the callback whitelist for each RFC destination. Select servers to include in the analysis. SM21 ( SAP System Log ) : The SAP System logs all system errors, warnings, user locks due to failed logon attempts from known users, and process messages in the system log. It is therefore not possible to determine the duration of a user connection using Security Audit Log events. Successful and unsuccessful log-on attempts (Dialog and RFC) . g. Hi Jabin, Helpful blog . When attempting to read security audit logs from SM20, the following popup notification appears. Click to access the full version on SAP for Me (Login required). Thanks and Regards, SriThe process of collecting and displaying data and metrics from the SAP system and its components (for example, dialog instance, central instance, database instance), the virtualization layer, and the physical system. I have run t-code SM20 and AUT10 for the same purpose but it is showing no data available for the transaction code. With the appropriate SM19 settings you can use SM20 to perform analysis once the data is collected. SAP TCode: SM18 - Reorganize Security Audit Log. SM20 - No audit files found on server. I was also facing a lot of trouble to get it done. "user" SAPSYS = "the system itself". This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. Follow. Technically, you can use either a Firefighter ID (a dedicated user identity with elevated. Symptom After upgrade to S/4 HANA, even audit log has been activated, SM20 does not show audit log or just few logs with priority "Very Critical". When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Number of filters to allow for the security audit log. Understood. Per default, the system suggests a name for all technical users required. Transparent Table. You now have the option to filter message. This log is a tool designed for auditors who need to take a detailed look at what occurs in the AS ABAP system. The parameter rsau/max_diskspace/local is for specifying the maximum size for the file. When I run t code sm20 on production it shows following message ""The result set for this selection was empty"". is then implemented within SM20 program and export the output table to my report for further manipulation. You want to know more details about this Security Audit Log. Does anyone know which tables are used to log the audit information. The Security Audit Log. Pay Scale Tables. Could you please help me how i can insert this cell coloring logic in the above code " In the loop gt_final , if i want to give back ground color " Green,red and yellow based message type in a particular cell . Vote up 1 Vote down. Use the SAP Tcode SM19 for Security Audit Configuration. In transaction SCC4, you have selected the option "Changes w/o automatic recording, no transports allowed" When you edit a repository object in the client, you are still prompted to record the changes in a Transport RequestThe archiving of IDocs leads to a dump with the message TSV_TNEW_PAGE_ALLOC_FAILED. bitella via sap-r3-security" wrote: > > > I am looking for a way to run in background the theHello Guru: I can display list on Audit Log on SM20. SAP Basis - Deleting a Background Job. Visit SAP Support Portal's SAP Notes and KBA Search. One of the problems of this SmartConnector is that the connector is reading the SAL Logfile which is missing message texts. SAP Transaction Code SM20 (Analysis of Security Audit Log) - SAP TCodes - The Best Online SAP Transaction Code Analytics BC SAP_BASIS SM28 Installation Check BC-ABA-LA BC SAP_BASIS SM29 Model Transfer for Tables BC-CTS-CCO BC SAP_BASIS SM30 Call View Maintenance BC-CUS-TOL-TME BC SAP_BASIS SM30VSNCSYSACL Start Analysis of Security Audit Log (transaction SM20). It monitors and logs user activity information such as: . Is there a way to schedule a batch job to generate security audit log (SM20) automatically and possibly send a message to SAP Inbox or generate a spool request? Release is. None. This is a preview of a SAP Knowledge Base Article. In SM20 after filling in the prerequisite fields and selecting the time frame, you will have to extract the audit log as shown in the screenshot below. Hello, This is what I advised a week ago. Step 1 − Use transaction code — SM37. Click to access the full version on SAP for Me (Login required). For more. eAnyway, SM20 will continue to work, as the access therein is performed by the kernel. 0 ; SAP NetWeaver 7. 3 ; SAP enhancement package 2 for SAP NetWeaver 7. This information is recorded on a daily basis in. Create a new class: ZCL_ITS_GEN_SAPUI5_MOBILE. RSAU_READ_FILE, the above Function module will give the output of Sm20, When ever we execute the SM20. Choose transaction SLG2. when using /n<TCODE> or /o<TCODE> in the OK code field. This enable. So, all failed and successful logs of the remaining 84 event. ETM saves SAP security audit logs (SM20 logs), change documents and critical SAP information such as SAP gateway logs. Under audit classes I only have "transaction start" checked. These actions are always audited and recorded. It having following profile parameters ""rsau/enable Enable Security Audit 0"". ABAP System. the Security Audit Log to record security-related system information such as changes to user master records or. The right side offers the section criteria for the evaluation process. It also provides a cleaner UI when filtering on multiple values. SAP NetWeaver 7. This KBA aims to provide a manner of monitoring which ICF services are active/inactive and how to keep track of changes to the service state. 1. 5 ; SAP NetWeaver Application Server 7. - I've checked the BDC 'Call Transaction' approach, but I've just found out that it wouldn't return the list of data to me as well (as this isn't what the BDC 'Call Transaction' is built to do). Jun 16, 2009 at 08:16 PM. You can then access this information for evaluation in. My system landscape. Alert Moderator. One Audit File per Day. This site uses cookies and related technologies, as described in our privacy statement, for purposes that may include site operation, analytics, enhanced user experience, or advertising. You can use the transaction code SE16 to view the data in this table, and SE11 TCode for the table structure and definition. I have to extract log for more than 100 users by using SM20 log. Log file rotation and retention in ICM and WebDispatcher. But the check assignment is changed. Business Scenario: From a microeconomic perspective, a business scenario is a cycle, which consists of severalsecurity audit log (SM20N) has anyone turned on the audit log in your system ? please share with me how you make use of this log and what to be monitored. Our audit log report is not populating with data and I'm trying to determine if that's ok or if there's a configuration issue. SAP has recommend archiving your audit files on a regular basis and deleting the original files as necessary. In such case, the configuration is not correct. Number of filters to allow for the security audit log. is then implemented within SM20 program and export the output table to my report for further manipulation. It is used to create and maintain batch input sessions. Legal. Search for additional results. - A solution that might have worked is via the 'SUBMIT' statement, but this would not fit because SM20 is not a report program. AUD file (Through OS level) from temp system to the system through which the SM20 logs to be viewed. e. 1 - Firefighter Session Details Audit Log Report. SAP Audit Logs SM20 SM21For full course checkWhen using SM20 or RSAU_READ_LOG to evaluate the security audit logs, one of the following behaviors is observed: When starting transactions no AU3 security audit log event is recorded in some cases, e. Start Analysis of Security Audit Log (transaction SM20). I wonder how to clear this log please. SM20, the amount of data being handled is quite big, reaching memory. The parameter rsau/max_diskspace/local is for specifying the maximum size for the file. Go to transaction SM20. Using SM20 in such case can bring a result like: Even though there are SAL entries recorded in the files. Otherwise you can recreate the user and try. The systems generate already new entries. Where as able to get other information except that particular user. Read more. Once the data is extracted the field “Terminal” will give you your answer. Click to access the full version on SAP for Me (Login required). Please show me that how can i find that which IP address accessed my sap server? I know the user ID but the same is using by 4 persons. As I mentioned in my previous blog, the most comprehensive document on SAL that I ever found, is available here: “ Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20) ”. I have noticed that some consultants are used to load lots of SAL files at once in SM20 (e. You might try to use SM21 with ID R47 but it's not straight forward and it. They will introduce performance. With SAP Fiori front-end server 2020 for SAP S/4HANA there is a new concept to structure the content on the SAP Fiori launchpad: Spaces and Pages. GRC AC 10. SAP migration overview : As the Greek philosopher, Heraclitus, said: “change is the only constant. For examples of typical filters used, see Example Filters. Here the main SAP SM* Tcodes used for User, System. SUIM --> User Information System --> User --> By Logon Date and Password Change. The SAP Security Audit log is a weird beast, it is written in UTF-16 even though it only shows simple ASCII, maybe SAP has a deal with disk manufacturers. A table can be manipulated by a program or manually. One such TCode is SM20, which provides access to Analysis of Security Audit Log SAP screen functionality within R/3 SAP (Or S/4HANA) systems, depending on your version and release level. SAP offer Blockchain-as-a-Service options for chains like these and have some excellent documentation on the use-cases. ), or in the Job logs or system logs (transaction SM21): DP_SOFTCANCEL_SAP_GUI_DISCONNECT. 2 Answers. 様々な条件でレポートを出力できるように. Report ZSM04000_SNC shows a cross-client list about users, their terminals, the connection type and the SNC status. For getting the Entries i would like to Execute the above function module. 5) Occasionally you will use SM18 to free up space of old logs by either deleting them or archiving them to tape. 2, logs were returned on that particular date. Via fully auditable workflows in the ‘Access Request Service’ of SAP Cloud Identity Access Governance, users in SAP S/4HANA Cloud for advanced financial closing can initiate self-service access requests for user. Regards. This is a preview of a SAP Knowledge Base Article. Below for your convenience is a few details about this tcode including any standard documentation. 知りたいといような要望で使うこともあります。. SM20. I understand best practice says to lock. To extract data from all the clients, enter a wildcard value (i. We can use the above concept to get any table behind a Transaction Code. << Moderator message - Everyone's problem is important. How to retrieve the login history for any SAP user and the list of SAP transaction codes executed by a SAP user. 0 from support pack 10. Because SAP Consulters always need more and more privileges. After a few months , we restarted the system and the slots which we add later changed to inactive . and as i already told there are also some like that users (with transaction records in sm20, but without logon successful record). Hope this will help. Displaying T code description and T code field in Output ALV of report SM20 in SAP system - There is include rsau_class_auditlist_impl and to add an additional column into table mt_outtab you can try via an enhancement of this rsau_class_auditlist_impl. Use SM20 - Transaction Code Column. please explain the usage of transaction codes SM18, SM19, SM20 in SAP, for audit. More Information. Transaction SM20 is used to see the Audit log . i have observed after kernel upgrade at OS level audit file format was changed in to ++++++++######. Then Select the period. listasci = i_ascii " list converted to ASCII. Indeed i am looking for coloring the particular cell as you mentioned above , passing values to it_excel . This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. The session management system provides: Common administration and monitoring of session state. SAP ERP Central Component all versions ; SAP ERP all versions ; SAP S/4HANA Cloud all versions ; SAP S/4HANA all versions ; SAP enhancement package for SAP ERP all versions ; SAP enhancement package for SAP ERP, version for SAP HANA all versions Keywords. To delete logs in the background, choose the Delete Immediately option. When using SM20 or RSAU_READ_LOG to evaluate the security audit logs, one of the following behaviors is observed: When starting transactions no AU3 security audit. When reconciling the SM20 logs and the Consolidated Log Report entries, there are log entries in the SM20 log that are not captured in the log report, such as the following entries below. Search for additional results. We also changed the SID. Recommended Settings for the Security Audit Log (SM19 / SM20) This blog had started to give recommendations about settings for the Security Audit Log, but. Whether you use the process documented in SAP Note 1716731 or a utility program that reads the statistics data, you. I've experimented a bit with SM19 authorizations and figured out that a read-only access to SM19 is possible if I deactivate S_C_FUNCT. Start Analysis of Security Audit Log (transaction SM20). In addition to an invoked transaction, these events contain information from what a report the call was. In the "transforms. The defined selections can then be reused in consolidation-related settings, such as validation rules, reclassification methods, currency translation (CT) methods, and breakdown categories. Best regards. So I am not considering this to get the Audit Log. Enter SAP#*. Read more. Here is a list of possible Sm20 related transaction codes in SAP. Visit SAP Support Portal's SAP Notes and KBA Search. 4) Then Use SM20 to read your logs. It enables a user to either process or monitor batch input jobs. This field captures the Terminal/IP-address of the system in. user lock, SM19, SM20, RFC, JCO, Security Audit Log, analyze user lock, . Dear all, How to check terminal name and tcode used by specific user in sap previous month. 次回はSAPのユーザ. SM20 - Security Administrator run this report periodically to get the details of 'Failed logons' of the users in the Production system and investigate the causes. We will set out the approach to adopt for 5 critical SoD conflicts you should prevent in your company. At-least suggest me how to find them. rsau/selection_slots. To solve this issue: follow the instructions from OSS note 2781045 – ANST / ST22 note. Maintain the profile parameter “gw/logging” with appropriate logging activated in transaction SMGW; more information is available in SAP note 910919. The Security Audit Log. This. Terminates all separate sessions and logs off (corresponds to System - Logoff. Logging and Monitoring. AIS is a tool designed to take a more detailed look at specific activities occurring in the SAP R/3 System, such as: Three transactions let you configure, activate, report, and remove audit log. When you call SM04 and choose "Goto -> Memory", the system displays the memory that is allocated for each user; the bottom line specifies the total memory requirement for all users. Hi, I am trying to extract the underlying data which is used by the SAPMSM20 program to provide audit information. ” Same goes within SAP world too, often customer have to change the SAP systems along with its underlying components to meet the changing requirements, be it change from old hardware to new one, changing operating system, database. For example the "Transaction Code" column shows entries S000 or SESSION_MANAGER. There is a possibility of monitoring program behavior through the SAP Security Audit (SM20). 3 ; SAP NetWeaver 7. The program GRAC_EAM_LOG_SYNC_TIMEBASED was also extecuted but still, log is not showing up in the FireVisit SAP Support Portal's SAP Notes and KBA Search. Thanks and Regards, Sri The process of collecting and displaying data and metrics from the SAP system and its components (for example, dialog instance, central instance, database instance), the virtualization layer, and the physical system. Please provide a distinct answer and use the comment option for clarifying purposes. This parameter specifies which methods are used to search for SAP-specific parameters in the HTTP request. For example, the retention amount is released to the vendor when certain expectations are met or on a specified date that your vendor has agreed upon. /oxyz. Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter. The Security Audit Log produces an audit analysis report that contains the audited activities. We can use the above concept to get any table behind a Transaction Code. But if the password lock happens within minutes, then STAD will be faster -> select the user -> you will see a step recorded in program SAPMSYST -> double-click it -> click on the hotspot "RFC" at the top and there you can see the connection details and the host names from the caller. Below for your convenience is a few details about this tcode including any standard documentation. Maintain the profile parameter “gw/logging” with appropriate logging activated in transaction SMGW; more information is available in SAP note 910919. however, I can see the audit data in local server directory as below: I had try to restart but still having same problem. SAP Audit Management for SAP S/4HANA provides an end-to-end audit management solution that can be used to build audit plans, prepare audits, analyze relevant information, document result, form an audit opinion, communicate results, and monitor progress. It's equivalent to T-code STAD. AUT10 is a transaction code in SAP LO application with the description — Evaluation of Audit Trail. Visit SAP Support Portal's SAP Notes and KBA Search. RSS Feed. Use transaction SM20 (In case of older NetWeaver release you need to do it for each application server) to read the Security Audit log. None. Always make sure that the Web Dispatcher Administrative Functions are not accessible from networks. 2 ; SAP NetWeaver 7. Hello. Click more to access the full version on SAP for Me (Login required). Audit has requested that a monthly review be put in place. Search for additional results. Step 2 − Use * in the Job Name column and select the status to see all the jobs created. however I couldn't read the audit log from SM20. Profile Parameter Definition Standard or Default Value; rsau/enable. 3) STAD Transaction gives log for perticular Time slot and not for long Period of time like Month's data. Use of SM20. This way, allocated memory will be released after leaving the transaction. Add a Comment. Run this report regularly and as soon. SAP Business Planning and Consolidation 10. 3) SM20 : Result Empty. These are security audit transactions. Hello, In SM20 we have a lot of alerts RFC/CPIC logon failed, reason=24, type=R, method=T user sapsys, client 000, program SAPMSSY1 , that are generating very often, every hour we have 2, 3 alerts. But if the password lock happens within minutes, then STAD will be faster -> select the user -> you will see a step recorded in program SAPMSYST -> double-click it -> click on the hotspot "RFC" at the top and there you can see the connection details and the host names from the caller. 1805 Views. The left side displays the host servers of the AS ABAP. RSS Feed. Click to access the full version on SAP for Me (Login required). ST03 (n) /STAD will fetch you the user activities. The Audit Information System (AIS) provides a means of logging additional activities in the Security Audit Log that are not captured in the System Log. Transactions STAD, SM19, SM20 SAP security audit log setup 1. Transaction SE38 and provide the program name RSSTAT26 as in screen. The right side offers the section criteria for the evaluation process. I've got the following task to fulfil: I'd like to periodically save the evaluation of the Security Audit Log/transaction SM20 to a defined location (OS basis would be ok), ideally with a timestamp as the filename. By using the audit analysis report you can analyze events that have occurred and have been recorded on a local server, a remote server, or all of the servers in the SAP System. Use tcode sm19 and sm20 to maintain and see the user history. 3 behavior) can be configured in GRC 10 and GRC 10. Select this option to allow only a single security audit file for the application server and enable the Maximum Size of Audit File parameter. EXCEPTIONS. Regards, sudheer. SAP GUI SAP Help Portal – SAP GUI for Windows SAP Community – SAP GUI – SAP. 951 Views. Is there a way to lock all users. The events to be logged are defined in the Security Audit Log’s configuration. Goto st03n and check the transaction profile for Jan month and by double clicking on transaction code you will get expected result. About this page This is a preview of a SAP Knowledge Base Article.