Reputation: 445
SAP HANA Audit logs
Have been exploring SAP HANA Auditing feature with Audit policies. Read tons of articles at help.sap.com, documents from sap.com/support past few days and played with policies in HANA DB. After experimenting, questions came up, that can't find the answers.
Situation: When creating policy, one in the steps, you have to set the "Audit Level", a list from values "INFO","WARNING","ALERT","CRITICAL","EMERGENCY". Created all different policies with each "Audit level", with same configurations ("Audited Action Status => "All", "Audited Actions" => all the DML actions, "DELETE","EXECUTE","INSERT","SELECT","UPDATE"). When performing the actions in DB, almost all policies logs the event (when selecting with no rights, "WARNING" doesn't pop up)
Questions:
- What are the differences between the Audit levels?
- Is one of them the "Master" level, that logs everything?
- Is there a dependency between "Audit levels" and "Audited Actions"?
Could someone provide an explanation from their experience or provide a link, where i can find answers? Thank you for your time.
P.S. Using SAP HANA 2.0 SPS04
Upvotes: 0
Views: 1543
Answers (1)
Reputation: 10388
The "AUDIT LEVEL" setting is purely non-functional.
You can assign the level of importance, severity, urgency or whatever you want to associate with a specific type of logged audit event.
There is no interdependence between those levels, except the order which is provided by convention:
INFO < WARNING < CRITICAL < ALERT < EMERGENCY
This order is not an official standard but something similar is rather commonly used and the eagle-eyed observer will notice the similarity to the syslog levels.
To be clear: this setting assigns the level to an audit event message after the event occurred. It does not group audit events per se into those levels, but leaves it to the administrator to decide which audit action should correspond to which level.
The idea here is that these levels are application/system-specific and that upon review of the audit-logs the messages might be filtered by the level.
Not sure why in your case an audit policy for SELECT did not write out the event when the level was configured to WARNING, though. If you can reproduce this, I'd propose to file a bug for that.
Upvotes: 1
Related Questions
- HANA transaction log overflow?
- SAP HANA Analytical Views
- how to reproduce an analytic view in SAP HANA database using the .analyticview xml descriptor file?
- SAP Hybris logs to Application Insights are very large(more than 100 GB per day for Production)
- Extracting query-history in SAP HANA
- How to collect access logs from different nodes?
- SAP HANA: Customer history
- SAP HANA - Monitor ressource access
- Solutions for Audit Logging in Java EE applications
- Oracle DB audit trails