Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

To be able to send the HANA Audit logs to splunk, you need to first enable the auditing by following the steps below:

  1. Ensure that the user SAPABAP1 has the AUDIT READ system privilage

  2. In the SAP HANA Studio expand the system on which you would like to enable auditing

  3. Expand the ‘Security’ folder

  4. Double click on ‘Security' option

  5. Click on the Auditing Status drop down menu; by default it will be ‘Disabled.’

  6. Select ‘Enabled.’

  7. Ensure that the right “Audit Trail Target” is selected and hit “Deploy”

  8. Create the necessary Audit policy. This is the data that will eventually be splunked

Once these changes are done, login to the SAP system and ensure that the metric HDB_DBCC_AUDIT is enabled by following the steps below:

  1. Goto /n/bnwvs/main transaction

  2. Choose Adminsitrator → Setup Group Def from the menu

  3. Ensure that the extractor is stopped and hit enter on the key board

  4. Ensure that the checkmark in the column “Active” is selected for Group Definition ”HDB_DBCC_AUDIT”

With these actions you will see that HANA audit information in Splunk and ensure that the data is onboarded by running the SPL “EVENTYPE :: HDB_DBCC_AUDIT“ in Splunk.

  • No labels