SAP

SAP stores logs in binary format by default. A schedule task to dump logs in CSV format has to be created in SAP.

1. Save SAP logs on particular folder (eg: /opt/g14/saplogs/) on the system/server in csv format.

2. Schedule an activity in SAP to generate the audit logs in required intervals (eg: hourly).

3. Download and install filebeat latest version by using below link.

   https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html

4. Before starting Filebeat Edit filebeat.yml file

   File path: C:\Program Files\filebeat\filebeat.yml

5. In Filebeat input session, can modify input enabled field False to true

5. Place your log folder path(step-2) under paths field.

6. Under Elastic search output session, put # to all lines.

7. Under Logstash output session, remove comments (#) and place IP and Port.

8. Modify localhost to Log collector IP and modify port number (provided by blusapphire).

9. After configuration is completed then Start the Filebeat service on PowerShell

PS C:\Program Files\filebeat> Start-Service filebeat