Audit logs
Monitoring the audit logs makes it possible to detect suspicious activity.
Configuration hints
- Use this monitor to watch audit logs and report selected events
- You can select the following types of events to monitor:
  - Task start
  - Report start
  - RFC start
  - RLogon events
  - User Management
  - Log level
  - System events
  - Logon events
- For each kind of event, you can tailor the monitoring response using filters on the following elements:
  - Client
  - TCODE
  - Program
  - User
  - Message
- You can choose the thresholds for alarm triggering based on the number of events matching a rule within a given period
- Note: Audit logs must be active on the system
Surveillance table
| Parameter | Description |
|---|---|
| Active | To enable or disable a rule |
| Client | To filter results for a specific client. You can use regular expressions. |
| Tcode | To filter results for a specific transaction. You can use regular expressions. |
| Program | To filter results for a specific program. You can use regular expressions. |
| User | To filter results for a specific user. You can use regular expressions. |
| Message | To filter results for a specific message. You can use regular expressions. |
| Max Log | Threshold of number of events for triggering an alarm |
| Aggregates | If set to true, only one alarm for all events matching the filter will be sent. If set to false, one alarm per event will be sent. |
| Severity | The severity of the alarm generated if threshold is breached. |
| Auto clear | If checked, the alarm will be cleared as soon as the alarm condition is not met anymore. |
| Alarm tag | A field to use if you want to prefix alarm message with a given text. |
| Alarm | Enable/disable alarm sending |
| Metadata | Enable/disable metadata sending |
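
How the filter, Max Log and Aggregates columns interact, as an added example (not the product's own code): the sketch evaluates one rule over constructed audit events from a single period. Whole-value regex matching, the "count >= Max Log" comparison, the severity label and the event layout are assumptions to check against the monitor's actual behaviour.

```python
import re
from dataclasses import dataclass

FIELDS = ("client", "tcode", "program", "user", "message")

@dataclass
class Rule:
    # One row of the surveillance table; an empty filter matches any value.
    client: str = ""
    tcode: str = ""
    program: str = ""
    user: str = ""
    message: str = ""
    max_log: int = 1
    aggregates: bool = True
    severity: str = "MAJOR"   # constructed severity label
    alarm_tag: str = ""
    active: bool = True

def matches(rule, event):
    # Assumption: each regex must match the whole field value (re.fullmatch).
    return all(not getattr(rule, f) or re.fullmatch(getattr(rule, f), event.get(f, ""))
               for f in FIELDS)

def evaluate(rule, events):
    """Return alarm texts for the events of one evaluation period."""
    if not rule.active:
        return []
    hits = [e for e in events if matches(rule, e)]
    if len(hits) < rule.max_log:   # assumption: alarm once count >= Max Log
        return []
    prefix = f"{rule.alarm_tag} " if rule.alarm_tag else ""
    if rule.aggregates:            # one alarm for all matching events
        return [f"{prefix}[{rule.severity}] {len(hits)} matching audit events"]
    return [f"{prefix}[{rule.severity}] {e['user']}: {e['message']}" for e in hits]

def ev(client, tcode, user, message):
    return {"client": client, "tcode": tcode, "program": "", "user": user, "message": message}

# Constructed sample events, not real audit log output.
EVENTS = [
    ev("100", "", "JDOE", "Logon failed"),
    ev("100", "", "JDOE", "Logon failed"),
    ev("100", "", "ASMITH", "Logon failed"),
    ev("200", "", "JDOE", "Logon failed"),
    ev("100", "SU01", "ADMIN1", "User TEST01 created"),
]

if __name__ == "__main__":
    rule = Rule(client="100", message="Logon failed.*", max_log=3, alarm_tag="SAP-AUDIT")
    print(evaluate(rule, EVENTS))
```

Under the whole-value assumption a User filter of `JDO` matches nothing, while `JDO.*` matches `JDOE`; if the monitor uses substring matching instead, unanchored filters will catch more users than intended.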
