SAP audit log licensing explained.

A buyer side reference on SAP audit log licensing. What is included in your base estate, what triggers a paid line item, and the moves that keep audit log cost off the renewal.

SAP audit log is the security and compliance record of who did what across the SAP estate.

It is also a commercial product. The cost surface depends on whether you run on premise, on RISE, on S/4HANA Cloud or on BTP.

This page explains the licensing model in plain language and shows the moves a sourcing team can run to control the audit log line at the next renewal.

What the SAP audit log actually covers

Three audit log services to know

SAP ships three audit log surfaces. They are not the same product and they do not share a single price.

Treat each one as a separate line in your model.

• Security Audit Log in NetWeaver and S/4HANA on premise. Included with the base license.
• BTP Audit Log Service on the SAP Business Technology Platform. Metered by storage and retention.
• Read Access Logging for sensitive personal data. Configured per data class and per role.

What the log records

• User logon, logoff and failed attempts at the application server.
• Privileged role assignments and changes to critical configuration.
• Data read and write events where Read Access Logging is enabled.
• BTP subaccount events including service binding and credential changes.

License rules and limits across the estate

On premise NetWeaver and S/4HANA

Security Audit Log is part of the base ABAP application server. There is no separate SKU.

Retention is your own decision. Storage cost lives in your infrastructure budget, not SAP licensing.

BTP Audit Log Service

• Free tier covers ninety days retention at small volume.
• Standard tier is metered by storage volume across hot and warm tiers.
• Retrieval API calls are metered separately from storage.
• Extended retention beyond two years carries a premium tier.

RISE and S/4HANA Cloud

RISE bundles include a baseline audit log allowance. Anything above the baseline is an add on.

Confirm the baseline in your CVR document, not in a sales slide.

Audit log is a compliance control and a commercial line item. Treat it as both, or it grows in silence and turns up at renewal.

Cost traps the seller does not flag

Retention creep

Compliance teams ask for the longest retention they can imagine.

Audit log storage scales linearly with retention. A seven year retention policy on a busy estate is the most common single line cost trap.

Read API volume

• SIEM connectors poll the BTP Audit Log API at high frequency by default.
• Each pull counts against the metered call budget.
• Move to streaming connectors or batched pulls to flatten the bill.

Read Access Logging scope creep

Read Access Logging is powerful but expensive when scoped to too many fields.

Scope by sensitive data class, not by table. Review the configuration annually.

Buyer side moves at the next renewal

Fix the bundle

• Bundle the audit log into the RISE or BTP commitment with a fixed annual fee.
• Cap the uplift on audit log line items inside the order form.
• Set retention in the order form, not in a configuration note.

Right size and true down

Pull the actual storage and API metrics from BTP before renewal.

Set a true down right at each anniversary so you can shrink the audit log line as practice matures.

Suggested reading

• SAP BTP Pricing and Licensing. Cross vendor reading from the wider library.
• SAP RISE Negotiation Guide. Cross vendor reading from the wider library.
• Digital Access Impact. Cross vendor reading from the wider library.

What to do next

1. Pull the current audit log retention policy and storage volume from each SAP environment.
2. Map each environment to the right pricing model in the table above.
3. Run a SIEM connector review and reduce poll frequency where allowed.
4. Rescope Read Access Logging by sensitive data class, not by table.
5. Lock retention and bundle terms into the next RISE or BTP order form.
6. Add a true down right at each anniversary to allow shrinkage.
7. Brief security and finance jointly so neither buys a parallel retention policy.

Frequently asked questions

Does the on premise SAP audit log cost extra?

No. Core Security Audit Log functionality is part of the base ABAP application server license. The storage cost sits in your infrastructure budget.

Is BTP Audit Log Service ever free?

There is a small free tier with ninety day retention at low volume. Most enterprise tenants outgrow it inside the first month.

What is the safest retention for compliance?

Most regulated industries land on a ninety day hot tier with offload to cold storage for the remaining retention period. Confirm with your privacy and risk teams.

Can we negotiate the audit log line in a RISE deal?

Yes. We treat audit log as a fixed bundle item with a clear uplift cap and a true down right at each anniversary.

Does Read Access Logging count toward the BTP meter?

No. Read Access Logging is on the ABAP side of the estate. BTP Audit Log Service is separate. Both can grow if scope is not reviewed each year.