The security audit log saves its audits to a corresponding audit file on a daily basis. Depending on the size of your SAP System and the filters specified, you may be faced with an enormous quantity of data within a short period of time. SAP has recommend archiving your audit files on a regular basis and deleting the original files as necessary. The transaction code SM18 is used to delete old audit files. You can either delete the files from all application servers or from only the local server where you are working. If an application server is not currently active, it will be included in the next reorganization.
1. Execute transaction code SM18. Enter the Minimum age of files to delete (default = 30 days). This value must be greater than 3. Activate the On All Active Instances indicator to delete the audit files from all application servers. Leave the indicator blank if you only want to delete the files from the local application server.
2. Activate the Simulation Only indicator if you do not actually want to delete the files. In this case, the action is only simulated.
3. Choose F8 to execute the task. The system deletes the corresponding audit files (unless you chose to simulate). You receive a list showing how many files were deleted and how many were retained on each application server.
4. Alternatively, you can also execute the deletion via report RSAUPURG in transaction code SE38.
Note:
You cannot purge files that are less than 3 days old!
