Answer

Static vs. dynamic filter configuration in AIS

Expert Muhammed Farooq Ali explains the difference between these types of filters in SAP Basis.

Farooq Ali
By
Published: 19 Mar 2007
Could you please tell me the differences between static and dynamic filter configuration in AIS?
If you use static filters, all of the application servers use identical filters for determining which events should be recorded in the audit log. You have to define filters only once for all application servers. You can also define several different profiles that you can alternatively activate.

Result The filters you define are saved in the audit profile. If you activate the profile and restart the application...

server, actions that match any of the active filter events are then recorded in the security audit log. Before you can set Static Filters, you must first set the following profile parameters: rsau/enable rsau/local/file rsau/max_diskspace/local rsau/selection_slots

Dynamic filters enable you to respond to real-time events in your system environment, setting traps that can assist you in addressing a security problem. With this option, you can dynamically change the filters used for selecting events to audit. The system distributes these changes to all active application servers.

Result
The audit filters are dynamically created on all active application servers. If you activate the profile(s), any actions that match any of these filters are recorded in the security audit log. Changes to the filter definitions are effective immediately and exist until the application server is shut down. Before you can set dynamic filters, you must first set the following profile parameters:
rsau/local/file
rsau/max_diskspace/local
rsau/selection_slots

Dig Deeper on SAP Basis

SearchERP
SearchOracle
SearchDataManagement
SearchAWS
SearchBusinessAnalytics
SearchContentManagement
SearchHRSoftware
Close