SM19

Data Description

The SM19 event collects the configuration of the SAP security audit log. That configuration is maintained in transaction SM19, and the resulting log is evaluated in SM20.

Potential Use Cases

This event could be used in the following scenarios:

  • Identify changes to the security audit log configuration

  • Understand which parameters are set in the security audit log

  • Alert on unexpected modifications to the security audit log
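
One way to act on the last use case, as an added example that is not part of the original documentation or the product's own code: compare an approved baseline of SM19 FILTERS events with a later collection and report what changed. Apart from EVENT_SUBTYPE and its values, every field name (FILTER_NO, ACTIVE, CLIENT, USER, AUDIT_CLASSES, SEVERITY) and all sample events are assumptions constructed for illustration; substitute the field names your events actually carry.

```python
# Added example. Only EVENT_SUBTYPE and its values come from the page; every
# other field name below is a hypothetical stand-in for the real event schema.
KEY = "FILTER_NO"  # hypothetical: identifies one SM19 filter
WATCHED = ("ACTIVE", "CLIENT", "USER", "AUDIT_CLASSES", "SEVERITY")  # hypothetical

def index_filters(events):
    """Index EVENT_SUBTYPE=FILTERS events by filter; the last event in the list wins."""
    return {e[KEY]: e for e in events if e.get("EVENT_SUBTYPE") == "FILTERS"}

def diff_filters(baseline, current):
    """Return (severity, filter, message) tuples describing configuration drift."""
    old, new = index_filters(baseline), index_filters(current)
    findings = []
    for no in sorted(old.keys() | new.keys()):
        if no not in new:
            findings.append(("high", no, "filter removed"))
        elif no not in old:
            findings.append(("info", no, "filter added"))
        else:
            for field in WATCHED:
                before, after = old[no].get(field), new[no].get(field)
                if before == after:
                    continue
                # A filter switched off stops recording, so rank it highest.
                sev = "high" if field == "ACTIVE" and after != "X" else "medium"
                findings.append((sev, no, f"{field}: {before!r} -> {after!r}"))
    return findings

def _flt(no, active="X", client="*", user="*", classes="ALL", severity="ALL"):
    """Build one constructed FILTERS event (sample data, not product output)."""
    return {"EVENT_SUBTYPE": "FILTERS", KEY: no, "ACTIVE": active, "CLIENT": client,
            "USER": user, "AUDIT_CLASSES": classes, "SEVERITY": severity}

# Constructed snapshots: an approved baseline and a later collection.
BASELINE = [{"EVENT_SUBTYPE": "PROFILE"}, _flt("1"), _flt("2", client="100")]
CURRENT = [
    {"EVENT_SUBTYPE": "PROFILE"},
    _flt("1", active=""),                          # filter 1 deactivated
    _flt("2", client="100", severity="CRITICAL"),  # filter 2 narrowed
    _flt("3", user="BATCH_USER"),                  # new filter
]

if __name__ == "__main__":
    for severity, number, message in diff_filters(BASELINE, CURRENT):
        print(f"[{severity}] SM19 filter {number}: {message}")
```

A deactivated or removed filter is ranked above a changed selection because it stops events from being recorded at all.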

Splunk Event

SM19 with EVENT_SUBTYPE=PROFILE

This event displays the activation and change dates of the security audit log. The event in Splunk will look like this:

SM19 with EVENT_SUBTYPE=FILTERS

This event displays the filter settings for individual filters set in the SM19 transaction. The event in Splunk will look like this:

SAP Navigation

SM19 with EVENT_SUBTYPE=PROFILE in SAP NetWeaver System

Execute the SM19 transaction in the system. Click the Static or Dynamic Configuration button. The values displayed show the profile details and will match the information collected and sent to Splunk.

SM19 with EVENT_SUBTYPE=FILTERS in SAP NetWeaver System

Execute the SM19 transaction in the system. Click the Static or Dynamic Configuration button, then click the desired filter. The data displayed will match the values extracted and sent to Splunk.

SM19 with EVENT_SUBTYPE=PROFILE in SAP S/4HANA System

Execute the SM19 transaction in the system. Double-click on the desired filter. The profile details will be displayed at the top of the screen under Header Data. The data displayed will match the data extracted and sent to Splunk.

SM19 with EVENT_SUBTYPE=FILTERS in SAP S/4HANA System

Execute the SM19 transaction in the system. Double-click on the active filter to see the selection criteria. The data displayed will match the data extracted and sent to Splunk.