Objective

Prerequisites

• Availability of license purchased.
  
  For build lower than 13000 - EventLog Analyzer consumes one application license for each import and each unique log format identified during log file import - Importing the same file twice with different formats will consume two licenses.
  For build from 13000 & higher - EventLog Analyzer/Log360 consumes one Log source license for onboarding the respective source machine.
• The file to be imported has to be plain text and not encrypted.
• The necessary ports and permissions to perform log import are provided in this chart:

Steps to follow 

• rsau/enable = 1
• rsau/local/file = <log location>/audit_00

• SMB - Windows
• FTP
• SFTP

• Username and password - Used by SMB - Windows, FTP and SFTP
  
• SSH private key file sharing (specific to SFTP protocol)
  ​

 Case 1: Authentication type: Username and password 

• Step 1: Click the + Import Logs option in the top right corner of the screen.
• Step 2: In the Browse File(s) section, select Remote Path tab.
• Step 3: In the Device field, enter the device name from which you wish to import the log file or click the + icon to browse for and select the Windows device.
• Step 4: In the Protocol drop-down, choose the required protocol, SMB-Windows or FTP and SFTP, and enter the port number.
• Step 5: Provide the Username of the remote device, and the Password field will pop up.
• Step 6: Enter the Password in the field.
• Step 7: Use the Browse button to search for and select the file to be imported and click OK.
• Step 8: Select the Log format as SAP ERP audit Logs .The Store Logs for Short-term option will retain the imported log data in EventLog Analyzer for two days. If the option is left unchecked, the logs will be stored as per your data retention configuration.
• Step 9: You can choose to schedule the log import at specific time intervals. You can also schedule the log collection by reading the same file on periodic manner or by creating a specific naming conventions for files. Refer How to Perform Scheduled Import Log Collection in EventLog Analyzer for more details.
• Step 10: Click Import to save the configuration.
  

 Case 2: Authentication type: SFTP-based SSH private key file sharing 

• Step 1: From the Browse File(s) options listed, select Remote Path.
• Step 2: In the Device field, enter the device name from which you wish to import the log file. Alternatively, you can click the + icon to browse for and select the Windows device.
• Step 3: Choose SFTP as the protocol and enter the port number (default port value is 22).
• Step 4: Provide the Username and choose Key File as the Authentication Type.

• Step 5: Click Browse and select the key file from the device. You can refer to this page to learn how to generate a key file with ssh-keygen, a standard component of the Secure Shell protocol.
• Step 6: If the key file is passphrase protected, select the Use Passphrase check box and enter the phrase in the field.
• Step 7: In the File field, click the Browse button to browse for and select the file to be imported.
• Step 8: Select the Log format as SAP ERP audit Logs. The Store Logs for Short-term option will store the imported log data in EventLog Analyzer for two days. If the option is left unchecked, the logs will be stored as per your data retention configuration.
• Step 9: You can choose to schedule the log import at specific time intervals. You can also schedule the log collection by reading the same file on periodic manner or by creating a specific naming conventions for files. Refer How to Perform Scheduled Import Log Collection in EventLog Analyzer for more details.
• Step 10: Click Import to save the configuration.

Tips 

 Related topics and articles 

• How to perform scheduled import log collection in EventLog Analyzer
• How to import logs in EventLog Analyzer from local path
• How to import logs in EventLog Analyzer from S3 Bucket