# SAP

SAP stores logs in binary format by default. A scheduled task that dumps the logs in CSV format has to be created in SAP.

1. Save the SAP logs in CSV format to a particular folder (e.g. /opt/g14/saplogs/) on the system/server.
2. Schedule an activity in SAP to generate the audit logs at the required interval (e.g. hourly).
3. Download and install the latest version of Filebeat using the link below.

   <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html>
4. Before starting Filebeat, edit the filebeat.yml file.

   File path: C:\Program Files\filebeat\filebeat.yml
5. In the Filebeat inputs section, change the input's enabled field from false to true.

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MMRHZBPHlLDUc8519fX%2F-M_WjrxVagJH75ZF8W-z%2F-M_WvenBVHcuJMbU1f6e%2Fimage.png?alt=media\&token=f664648a-c4e7-4c8e-be88-b99dc6774c66)

5\. Place your log folder path (step-2) under the paths field.

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MMRHZBPHlLDUc8519fX%2F-M_WjrxVagJH75ZF8W-z%2F-M_WwJ45E3Bo1JHjBclE%2Fimage.png?alt=media\&token=fde0a6c2-9488-429a-a9fb-e04d2a7a1045)

6\. Under the Elasticsearch output section, comment out all lines by prefixing them with #.

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MMRHZBPHlLDUc8519fX%2F-M_WjrxVagJH75ZF8W-z%2F-M_WwLYVgzdxlXi8sKIb%2Fimage.png?alt=media\&token=a5c8f1fb-13b5-4968-87f2-9e62654b1226)

7\. Under the Logstash output section, remove the comment markers (#) and enter the IP and port.

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MMRHZBPHlLDUc8519fX%2F-M_WjrxVagJH75ZF8W-z%2F-M_WwNT4p7E_lrqiv84W%2Fimage.png?alt=media\&token=55b1a5e7-5e4e-4720-9d61-98f1009d1687)

8\. Change localhost to the log collector IP and change the port number (provided by BluSapphire).

9\. After the configuration is complete, start the Filebeat service from PowerShell.

```
PS C:\Program Files\filebeat> Start-Service filebeat
```
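The filebeat.yml edits from the configuration steps above, collected into one fragment. This is an added example, not a copy of the screenshots or of BluSapphire's own file. The `*.csv` glob, the `id` value, the `<LOG_COLLECTOR_IP>`/`<PORT>` placeholders and the commented TLS line are assumptions.

```yaml
# ============================== Filebeat inputs ===============================
filebeat.inputs:
  # Recent Filebeat releases ship the default input as "filestream";
  # older releases use "type: log" with the same enabled/paths fields.
  - type: filestream
    id: sap-audit-csv          # hypothetical id, any unique string works
    enabled: true              # changed from false
    paths:
      # Folder the SAP scheduled job writes its CSV export to. This is the
      # example path from the page; use the real export folder on the host
      # where Filebeat runs.
      - /opt/g14/saplogs/*.csv

# ---------------------------- Elasticsearch Output ----------------------------
# Every line of this section stays commented out, because Filebeat accepts
# only one enabled output at a time.
#output.elasticsearch:
#  hosts: ["localhost:9200"]

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # Replace the placeholders with the log collector IP and port
  # provided by BluSapphire.
  hosts: ["<LOG_COLLECTOR_IP>:<PORT>"]

  # Assumption, not stated on the page: if the collector's listener is
  # TLS-enabled, point Filebeat at the CA that signed its certificate so
  # the audit logs are not sent in cleartext.
  #ssl.certificate_authorities: ["<PATH_TO_CA_CERT>"]
```

Before starting the service, `.\filebeat.exe test config -c filebeat.yml` checks the file for syntax errors and `.\filebeat.exe test output` confirms the collector is reachable.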

