products:promonitor:6.8:monitorsguide:netweaver:auditlogs

Audit logs

Monitoring of the audit logs allows to detect any suspicious activity 

Configuration hints

  • Use this monitor to watch audit logs and report selected events
  • You select to monitor the following types of events:
    • Task start
    • Report start
    • RFC start
    • RLogon events
    • User Management
    • Log level
    • System events
    • Logon events
  • For each kind of events, use can tailor the monitoring response using filters on the following elements:
    • Client
    • TCODE
    • Program
    • User
    • Message
  • You can choose the thresholds for alarm triggering based on the number of events matching a rule within a given period
  • Note: Audit logs must be active on the system

Surveillance table

ParameterDescription
ActiveTo enable or disable a rule
ClientTo filter results for specific client. You can use regular expressions
TcodeTo filter results for specific transaction. You can use regular expressions
ProgramTo filter results for specific Program. You can use regular expressions
UserTo filter results for specific user. You can use regular expressions
MessageTo filter results for specific message. You can use regular expressions
Max LogThreshold of number of events for triggering an alarm
AggregatesIf set to true, only one alarm for all events matching the filter will be sent. If set to false, one alarm per event will be sent.
SeverityThe severity of the alarm generated if threshold is breached.
Auto clearIf checked, the alarm will be cleared as soon as the alarm condition is not met anymore.
Alarm tagA field to use if you want to prefix alarm message with a given text.
AlarmEnable/disable alarm sending
MetadataEnable/disable metadata sending
/home/clients/8c48b436badcd3a0bdaaba8c59a54bf1/wiki-web/data/pages/products/promonitor/6.8/monitorsguide/netweaver/auditlogs.txt · Last modified: 2025/03/13 17:30 by rbariou