Security Monitor in CCMS

Use

You can use this monitor to monitor messages in the Structure linkSecurity Audit Log, broken down into various areas, and to monitor security-relevant messages in the system log (see also Structure linkComparing the Security Audit Log and the System Log).

Prerequisites

You must have activated the Security Audit Log (transaction SM19).

This graphic is explained in the accompanying text

Features

The monitor contains the following monitoring tree elements (MTEs):

MTE Name
(MTE Class)

Meaning

Logon
(SecurityLogon)

System logon events reported by the Security Audit Log:

· Successful logons, unsuccessful logon attempts, and log offs by a user

· Locking of a user due to unsuccessful logon attempts, and the removal of the lock

RFCLogon
(SecurityRFCLogon)

RFC/CPIC logon events reported by the Security Audit Log:

· Successful RFC/CPIC logon

· Unsuccessful RFC/CPIC logon attempt

TransactionStart
(SecurityTransactionStart)

Transaction events reported by the Security Audit Log:

· Transaction started and failed transaction start

· Transaction locked or unlocked

ReportStart
(SecurityReportStart)

Events connected with starting reports reported by the Security Audit Log:

· Successful start

· Failed start

RFCCall
(SecurityRFCCall)

Events connected with calling Remote Function Calls (RFCs) reported by the Security Audit Log:

· Successful call

· Unsuccessful call

UserMasterRecords
(SecurityUserMasterRecords)

Events connected with changes to user master records reported by the Security Audit Log:

· User deleted, locked, or unlocked

· User master or authorizations of a user changed

· Authorization/authorization profile created, changed, or deleted

System
(SecuritySystem)

Events connected to system parameter changes reported by the Security Audit Log:

· Configuration of the Security Audit Log changed

· Application server started or stopped

Miscellaneous
(SecurityMiscellaneous)

Other events reported by the Security Audit Log:

· Download of a file

· Call of a digital signature

· Test message

System Log Messages
(R3SyslogSecurity)

Messages in the Structure linksystem log for the security category; you can set the category in which a message is reported, the message text, and the severity and criticality of the alert using the message ID in transaction SE92

The system records security-relevant actions in the Security Audit Log. You decide which actions are recorded there and which should trigger an alert in the Alert Monitor on the Security Audit Log configuration screen (transaction SM19).

See also Structure linkDefining Filters

Activities

To start the monitor, follow the procedure below:

...

1. Start the Alert Monitor using transaction RZ20 or choose CCMS ® Control/Monitoring ® Alert Monitor.

2. On the CCMS Monitor Sets screen, expand the SAP CCMS Monitor Templates set.

3. Start the Security monitor from the list by double-clicking it.

0 comments:

Post a Comment