• Rsau/maxdiskspace/local is a SAP Parameter attribute which is used to control Maximum space for security audit file information. This is available within R/3 SAP systems depending on the version and release level. Below is the standard documentation available and a few details of the attributes values.
• The rsau/local/file parameter must be specified in Releases 4.0 and 4.5. For compatibility reasons, it is also still analyzed up to and including Release 6.20. As of Release 4.6 it can be left out.
• Rsau/local/file path to audit log file. Rsau/maxdiskspace/local maximum space to allocate for the audit files. Rsau/selectionslots 3.
• Rsau/local/file: Name and location of the audit log file rsau/maxdiskspace/local: Max. Space of the audit file. If maximum size is reached auditing stops.

• Rsau Local File Online
• Rsau Local File Extension
• Rsau Local File Cabinet
• Rsau Local File Bankruptcy
• Rsau/local/file Not Found
• Rsau/local/file

Parameter

RSAUREADFILE is a standard SAP function module available within R/3 SAP systems depending on your version and release level. Below is the pattern details for this FM showing its interface including any import and export parameters, exceptions etc as well as any documentation contributions specific to the object.

rsau/max_diskspace/per_file

Short text

Maximum size of one single security audit file

Parameter Description

The parameter specifies the maximum size of a security audit file. This means the file size can be adjusted to the requirements of any available archiving software. For example, the size can be restricted to 650 megabytes in order to be able to archive on normal CDs. If this size is reached, then a new audit file is started. The counter in the file name is then increased by one for the new file.

Rsau Local File Online

Only when this parameter is greater than zero can more than one audit file be created each day. In this case the file name of the audit failes also changes (see parameter FN_AUDIT).

Application Area

System

Parameter Unit

• Whole number without suffix: Unit Bytes
• Whole number with suffix “k” or “K”: Unit Kilobytes
• Whole number with suffix “m” or “M”: Unit Megabytes

Default Value

0 (= only one audit file each day, as before 4.6A)

Rsau Local File Extension

Who is permitted to make changes?

Customer

Operating System Restrictions

Rsau Local File Cabinet

None

Database System Restrictions

None

Are other parameters affected or dependent?

This parameter is only relevant if

– Parameter rsau/enable has value 1 (audit is activated) or audit with transaction SM19 is activated dynamically.

If the parameter is set greater than zero, then the parameter FN_AUDIT must be converted to the necessary file name template. In addition to this the parameter rsau/max_diskspace/per_day must be set with a value that is at least three times larger.

Rsau Local File Bankruptcy

Values allowed

• Whole number => Unit Bytes
• Whole number with suffix “k” or “K” (without blank) => Unit Kilobytes
• Whole number with suffix “m” or “M” (without blank) => Unit Megabytes

The maximum size is 2 GB (= 2.147.483.647 Bytes).

The minimum size is 1 MB (= 1.048.576 Bytes). A smaller value is changes by the kernel to 1 MB.

Entries in bytes are converted internally into kilobytes.

Rsau/local/file Not Found

Resolution:

Turn on Security Audit Logging using SM19, and review the audit logs using SM20. Use a filter to log everything available for a particular user id. Analyze the logs in SM20 for that user ID.

Pay attention to the terminal being used. If you see more than one terminal, it could be someone else trying to use the id. Also depending on what the application is for, it might be necessary to change the user ID to type System to resolve locks or expired passwords for a non-dialog user in some cases.

Specifically when a non SAP application is able to change the pw of a non dialog id. There is documentation on setting up SAP Security audit logs. It is not difficult. You can even have a CCMS log agent email you in real time if log entries are showing up in the audit logs for that ID and catch the person in the act or identify the underlying cause.

You should also consider reviewing RFC logs. Rotmg daggers. Turn up the verbosity of the trace and you can see alot of details when the id is being used in RFC scenarios.

Rsau/local/file

SAP Security Audit Logs

SAP R/3 supports an internal auditing system, called the Security Audit Log. Each SAP application server maintains a daily audit file. You can specify the name and location of the Security Audit Log using the rsau/local/file profile parameter.

To activate the internal audit system, set the audit log parameters as described in the following table :

Audit Log parameter settings Audit Log Parameter Set value to..

rsau/enable 1
rsau/local/file path to audit log file
rsau/max_diskspace/local maximum space to allocate for the audit files
rsau/selection_slots 3
rec/client ALL

Note:
The rsau/local/file parameter contains the entire path name to the audit logs, as well as the file name. The file name must include + symbols to contain a variable datepart. Do not include a file extension in the file name. See the following examples for clarification.

This example shows a valid path and filename:
/usr/sap/machine1/log/audit_++++++++

This example shows an invalid path and filename; the filename does not include a datepart:
/usr/sap/machine1/log/audit

This example shows an invalid path and filename; the filename includes a file extension:
/usr/sap/machine1/log/audit_++++++++.aud

After you set the audit log profile parameters, start transaction SM19 to specify which events to log in the Audit Security Log.