This website is not affiliated with, sponsored by, or approved by SAP AG.

Disadvantages of SM19 and SM20

Basis (Basis Technology Modules: Basis Component/System Administration, GUIs)

Moderators: Snowy, thx4allthefish

Disadvantages of SM19 and SM20

Postby gvssud » Wed Jan 16, 2013 4:37 am

Hi,

What are the disadvantages of sm19 and sm20.
gvssud
 
Posts: 16
Joined: Tue Jul 05, 2011 6:55 am

Re: Disadvantages of SM19 and SM20

Postby Zavaros » Thu Jan 17, 2013 11:16 am

hi,

the question is too generic.

Every new function means:
    - extra responsibility
    - extra administration tasks
    - increased disk space requirement
    - ... and less free time.

Regards,

Zav
Zavaros
 
Posts: 756
Joined: Thu Oct 24, 2002 10:50 pm
Location: Hungary

Re: Disadvantages of SM19 and SM20

Postby Gary Morris » Fri Feb 01, 2013 4:54 pm

Advantage of SM19 = besides logging security critical events if they occur, the text log files that are created for each day allows for other tools such as CCMS log agents to read character strings and alert if found. This allows for customization of your email alerts instead of only what is available in the pre packaged Security alerts in CCMS. SM19 is a great way to collect all RFC calls if you are wanting to get authorization S_RFC with * in function group out of production but not sure what function groups are being called.
Some say you should not turn on all audit options in SM19 because it might cause a performance issue. I doubt it will in most environments now days however it is going to be too hard to read it with SM20 and will need to be analyzed offline.
SM20 is only useful for reading your logs if you don't have to search too much data. Otherwise you can analyze the logs offline with something better.
Make sure you enable static profile auditing so it will start auditing before anyone logs into the system. Dynamic logging is more useful but turns off after system restart.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: Disadvantages of SM19 and SM20

Postby Zavaros » Sun Feb 03, 2013 4:47 pm

Hello,

the default response on generic questions is: 42. If you do not know what are you asking then what will you do with the response?

nevertheless if we are going into this topic...

Security audit log is a tools... like hammer. What is the advantage and disadvantage of a hammer? It is good on nails and disastrous on screws... and it needs maintenance.

Turning on the audit log will help you to answer questions like: what reports were run by user at given time. who all were running the transaction when issue occurred.
It will not help you respond the questions: who deleted the invoice? Was the user authorized to run the report?

If it is not used wise then it will fill up your file system with garbage information you can not handle ... and in worst case could cause system crash.

I was arguing with security guys who demanded turning on audit log without building up clear procedure/workflow for evaluation... and without defining how long the data should be kept.

Regards,
Zav
Zavaros
 
Posts: 756
Joined: Thu Oct 24, 2002 10:50 pm
Location: Hungary


Return to Basis

Who is online

Users browsing this forum: Google [Bot] and 5 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.