Auditing plays a vital role in maintaining database security, regulatory compliance, and operational accountability in SAP Adaptive Server Enterprise. By capturing security-related events such as login activity, privilege changes, object access, and administrative operations, the ASE audit subsystem provides administrators with a reliable mechanism for tracking and reviewing critical system activity.
Historically, SAP ASE stored audit records exclusively in the sysaudits table within the sybsecurity database. While this approach remains useful for database-centric auditing, modern enterprise environments often require tighter integration with operating system logging frameworks and centralized monitoring solutions.
To address these requirements, now SAP ASE supports multiple audit destinations through the audit trail type configuration parameter. In Linux environments, audit records can be directed to:
the sysaudits table,the operating system syslog infrastructure,or both simultaneously (Starting from ASE 16.1 SP01)
The ability to write audit records to syslog enables integration with standard Linux logging utilities such as rsyslog, making it possible to:
Redirect audit logs to dedicated filesForward audit events to centralised log serversIntegrate with SIEM platformsSeparate ASE audit data from general system logs for easier administration and monitoring
Starting with ASE 16.1 SP01, SAP ASE introduces support for the both audit trail type, allowing audited events to be written simultaneously to both the database audit table and the OS syslog service. This provides greater flexibility for environments that require both long-term database-side retention and external log aggregation.
This blog discusses the available audit trail types in SAP ASE, explains how syslog-based auditing works on Linux, and walks through the configuration required to redirect ASE audit records to custom log files using rsyslog.
Auditing plays a vital role in maintaining database security, regulatory compliance, and operational accountability in SAP Adaptive Server Enterprise. By capturing security-related events such as login activity, privilege changes, object access, and administrative operations, the ASE audit subsystem provides administrators with a reliable mechanism for tracking and reviewing critical system activity.Historically, SAP ASE stored audit records exclusively in the sysaudits table within the sybsecurity database. While this approach remains useful for database-centric auditing, modern enterprise environments often require tighter integration with operating system logging frameworks and centralized monitoring solutions.To address these requirements, now SAP ASE supports multiple audit destinations through the audit trail type configuration parameter. In Linux environments, audit records can be directed to:the sysaudits table,the operating system syslog infrastructure,or both simultaneously (Starting from ASE 16.1 SP01)The ability to write audit records to syslog enables integration with standard Linux logging utilities such as rsyslog, making it possible to:Redirect audit logs to dedicated filesForward audit events to centralised log serversIntegrate with SIEM platformsSeparate ASE audit data from general system logs for easier administration and monitoringStarting with ASE 16.1 SP01, SAP ASE introduces support for the both audit trail type, allowing audited events to be written simultaneously to both the database audit table and the OS syslog service. This provides greater flexibility for environments that require both long-term database-side retention and external log aggregation.This blog discusses the available audit trail types in SAP ASE, explains how syslog-based auditing works on Linux, and walks through the configuration required to redirect ASE audit records to custom log files using rsyslog. Read More Technology Blog Posts by SAP articles
#SAP
#SAPTechnologyblog
