Audit logging is free in some places and metered in others. This guide explains how the security audit log, read access logging, and the BTP Audit Log service are licensed across on premise, RISE, S/4HANA Cloud, and BTP, and where the cost traps sit.
SAP audit logging is free in some places and metered in others. This guide explains how the security audit log, read access logging, and the BTP Audit Log service are licensed across on premise, RISE, S/4HANA Cloud, and BTP, where the cost traps sit, and the renewal moves that cut spend.
Audit logging sounds like a security topic. On a cloud bill it is a licensing topic. Where the log lives decides whether it is free, bundled, or metered.
The buyers who overpay are not logging too much. They are keeping logs too long, in too many places, with no one reading them.
SAP has three distinct logging capabilities, and each is licensed differently.
The security audit log records logons, transaction starts, and user actions in the ABAP stack. It ships with the platform on premise and inside RISE managed systems at no separate charge.
Read access logging captures who viewed sensitive data such as personal or financial fields. It is included in many editions but takes configuration effort to scope correctly.
The BTP Audit Log service records platform and application events in the cloud. It is metered, and retention beyond the included window is a paid extension.
Where each SAP log lives and how it is charged
| Log type | Where it lives | How it is charged |
|---|---|---|
| Security audit log | On premise and RISE ABAP | Included, no separate license |
| Read access logging | On premise and S/4HANA | Included, configuration effort only |
| BTP Audit Log | SAP BTP cloud | Metered by volume and retention |
| S/4HANA Cloud audit | Public and private cloud edition | Bounded retention, paid extension |
The same feature can be free or metered depending on the deployment. Match the cost model to where the system actually runs.
On premise, the security audit log and read access logging are platform features. You pay in storage and administration, not in license fees.
Inside RISE with SAP, base logging is bundled with a defined retention window. Extending retention or exporting logs beyond that window is a chargeable change.
On SAP BTP, the Audit Log service draws on your cloud credits. Volume and retention both move the meter, so the cost scales with how long you keep data.
The traps are rarely in the logging itself. They sit in retention defaults and duplication.
Default retention is often set longer than policy requires. Every extra month of retained log volume is billable on BTP and chargeable in RISE.
Teams frequently log the same events to BTP, to a security platform, and to a data lake. You pay three times to answer one question nobody asks.
The standard guidance is to retain everything for as long as possible because storage looks cheap and auditors might ask. We disagree. In most BTP estates we reviewed, retention was set 3 to 5 times longer than any regulator or internal policy demanded, and the logs were never queried after the first weeks. On a metered service that default is pure waste. The buyer side move is to set retention to the actual policy requirement, route one authoritative copy to a single store, and treat anything beyond the legal minimum as a deliberate, costed choice rather than a silent default.
Source: Redress Compliance advisory engagement file, 2024 to 2025.
Logging is a security duty. Retention is a budget decision. The bill grows when the second is left on its default and nobody owns it.
Renewal is the moment to reset retention and consolidation. Three moves carry the result.
Look at who actually reads the logs and when. If nothing queries data older than ninety days, retention beyond that is paying to store an answer no one asks for.
Map retention to the legal and regulatory requirement for each log type. Set the metered service to that figure, not to the maximum the platform allows.
Route logging to one authoritative store per landscape. Use the SAP trust center guidance to confirm what each compliance regime truly needs.
White Paper · SAP
SAP License Audit Survival Guide
An SAP license audit targets named user misclassification, indirect access, and LAW report gaps. Read it free.
No. The security audit log ships with the ABAP platform on premise and inside RISE managed systems. You pay for storage and administration, not for a separate license to switch it on.
The BTP Audit Log service is metered and draws on your cloud credits. Both the volume of events and the retention period move the meter, so longer retention directly raises the cost.
Yes, with a defined baseline retention window. Logging within that window is bundled, but extending retention or exporting logs beyond it is a chargeable change you should size deliberately.
Read access logging records who viewed sensitive fields such as personal or financial data. It is included in many editions, so the real cost is the configuration effort to scope it correctly, not a separate fee.
Retention defaults. Metered services often default to retention far longer than policy requires, and old logs keep consuming credits long after anyone stops querying them.
Set retention to the documented legal and regulatory requirement for each log type. Retaining beyond that window on a metered service is a cost with no compliance benefit.
Yes. Many estates log the same events to BTP, a security tool, and a data lake at once. Routing one authoritative copy to a single store removes the duplicate spend without losing coverage.
At the BTP or RISE renewal. That is when retention settings, consolidation, and credit commitments can be reset against real query demand rather than carried forward on autopilot.
SAP RISE pricing benchmarks, the CVR framework, indirect access posture, and the buyer side moves across the full SAP estate.
Used across more than five hundred enterprise engagements. Independent. Buyer side. Built for procurement leaders running the next renewal cycle.
Audit logging is a security duty and a budget line at the same time. Most overspend hides in retention nobody chose on purpose.
