This article explains how to forward all logs coming from a SAP HANA instance.
SAP HANA is an in-memory relational database management system that serves as a database server for SAP applications. SAP HANA auditing provides a log of database transactions and can answer the question of who did what and when. Audit logging may be required for security audits and compliance and can help tighten security practices by uncovering security holes, such as users with unnecessary privileges or attempts to breach the system.
Auditing is not enabled by default. Activating it requires that you first configure audit parameters, and then create an audit policy to define the actions that should be audited. SAP HANA supports three audit trail targets, syslog, SAP HANA database table, and CSV text file.
The following SQL statement enables auditing in the system database.
ALTER |
The next statement sets the audit target to database table (the default is SYSLOGPROTOCOL
).
ALTER |
The CREATE AUDIT POLICY
statement has the following format:
CREATE
|
For example, this statement audits INSERT
operations on a table HOTEL.CUSTOMERS
by USER1
.
CREATE HOTEL.CUSTOMERS FOR USER1 LEVEL INFO; |
SAP HANA syslog audit trail
SAP HANA does not provide log forwarding capabilities; however the operating system syslog daemon can be configured to forward audit logs coming from SAP HANA. The following examples show how this can be achieved with Rsyslog.
To forward all logs coming from a SAP HANA instance:
:msg, contains, "<sid>;<instanceno>" @@<ip>:11687 |
For example, this configuration forwards all logs from SAP HANA database.
server HXE
instance 90
to <forwarder IP>
on port 11687.
:msg, contains, "HXE;90" @@<forwarder IP>:11687 |
This configuration uses a control structure to only forward logs with syslog facility authpriv
.
if ($syslogfacility-text == "authpriv" and \
|
The forwarding configuration needs to be added to the /etc/rsyslog.conf
file. For configuration options related to other syslog daemons.
Comments
0 comments
Please sign in to leave a comment.