How to log critical debugger events:
Using the debugger in general might already be seen as critical but using debug-replace is considered as very critical by all auditors. The corresponding Security Audit Log messages for changing field content and for jumping within the code
- Other Events, Critical, CU L Field content changed: &A
- Other Events, Critical, CU M Jump to ABAP Debugger: &A
are already covered by the 1st filter "Activate everything which is critical for all users in all clients" as proposed above.
These both messages are extended by another message to add more details describing the event:
- Other Events, Critical, BU Z> in program &A, line &B, event &C
The messages CU K, CU N, CU O, and CU P are related to the debugger as well.