The Security Audit Log is a tool designed to be used by the auditors to monitor the activities in the SAP System. Transaction SM20 is used to see the Audit log . By activating the audit log, you keep a record of those activities you consider relevant for auditing. You can then access this information for evaluation in the form of an audit analysis report. The Audit Log can be scanned for a period of time, user, transaction, report, etc.
To access the Security Audit Log Analysis screen from the SAP standard menu, choose:
Tools->Administration->Monitor->Security Audit Log->Analysis
Transaction SM20 – Analyzing the Audit Log
The Audit report runs periodically by Security Administrator to get the details of the unsuccessful logon attempts of the users in the Production system and investigate the causes. Apart from that other details can also be obtained.e.g.Failed transations, users running the critical reports etc.