Hi everyone, just wanted to share an issue that we recently discovered with LSAUDIT. We do some reporting and system alerts directly from the LSAUDIT table, and found that some things were not being reported. After investigating and partnering with Lawson Support, we found that there is a 1,000 character limit on records in the table. If a record exceeds that limit*, it will not get recorded....not just truncated at 1,000 characters, but not recorded at all. After discovering this, we were able to identify an artifact in the file that allows us to go back and see examples of when this happened in the past, maybe even identify the user, but we cannot completely recreate the history (what roles were granted, etc.) because the full details are not there.
If you are doing a direct query on this table OR using 3rd Party security reporting tools (AVAAP, Kinsey, etc.), this could potentially impact you. It has created some audit questions on our side, so I wanted to share this info with the broader group to help you be proactive with this issue. Lawson is actively working on a long term solution, but in the interim has created an 'overflow' log file that will store anything that does not get recorded in LSAUDIT.
*In our experience, we seem to hit the character limit only with new users IF they have a high number of roles and groups - maybe an analyst or admin with 5-8 roles and another 5-8 groups; presumably all of the user attributes (first name, last name, email, etc. plus all role and group names) cause it to hit that character limit. We have not found examples of a CHANGE hitting that 1,000 character limit.
