cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

DEV_ICM_SEC logs filling up disk

Former Member

on ‎03-25-2011 7:22 PM

0 Kudos

I'm getting the message below, over and over. I can't figure out why or where it is coming from. I konw this is the ICM Security Log file, but that's about all I know at this point. The log file grows to 500KB, then a new one is created. These files are taking up over 5 GBs of disk space. Aside from constantly deleting them I want to find out the cause. Any idea as to where to start looking?

***********************************************************************************

            • SECURITY WARNING ******

***********************************************************************************

Fri Mar 25 13:30:18 2011

Error: Protocol error (-21), Error in HTTP Request: 9 [http_plg.c 4808]

[Thr 5320] CONNECTION (id=0/1286714):

used: 1, type: 1, role: 1, stateful: 0

NI_HDL: 61, protocol: HTTP(1)

local host: 1.1.1.1:8014 ()

remote host: 2.2.2.2:60755 ()

status: READ_REQUEST

connect time: 25.03.2011 13:30:18

MPI request: <246a8f> MPI response: <246a90>

request_buf_size: 65464 response_buf_size: 0

request_buf_used: 93 response_buf_used: 0

request_buf_offset: 0 response_buf_offset: 0

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

samrat_mutukuri
Explorer
‎01-02-2016 4:33 AM
0 Kudos

Hello All,

Can we move the old files to the other secured location ? what should be the availability of these files ? can these files be moved ?

ex : 3 days earlier files.

thank you,

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎01-04-2016 4:37 PM
0 Kudos

Hello ,

This is a 4 year old thread... Maybe it would have been better to open a new one?

Anyway, you can move them to a different folder.

They are required only if you want to analyze them to investigate any warnings being raised.

For how much time to keep them, it is up to your company to decide .

Cheers!

Isaías

Former Member
‎03-28-2011 4:01 PM
0 Kudos

You may want to look at FILEWRAP option from the following link while you are checking dev_icm logs etc.

[http://help.sap.com/saphelp_nw04s/helpdata/en/ed/fba942b043b611e10000000a155106/content.htm]

FILEWRAP
If FILEWRAP=on is active, every time a new file is opened, the existing log file is reset and overwritten. Therefore, there is always only one log file with the current log data.
If you omit this option, once the size has been exceeded a new file is written (see above).

Show replies
Show replies
Former Member
‎03-28-2011 11:37 AM
0 Kudos

Hi Bryan,

You are correct, that is the ICM Security log.

The parameter is icm/security_log. Please set the trace level to 1 if you do not want much logs.

Please find more detail on that parameter in below link.

http://help.sap.com/saphelp_nw04s/helpdata/en/ed/fba942b043b611e10000000a155106/content.htm

Please let us know if it helps you.

Regards,

Sujit.

Show replies
Show replies
Former Member
‎03-28-2011 12:34 PM
0 Kudos

The trace level is already set to 1. That is not the problem. The problem is the fact that the same warning message repeats itself over and over. I'd like to find out what the warning message means and fix the underlying issue. As it is right now, I have to keep deleting the sec. log files because they end up taking so much space due to this message.

Former Member
‎03-28-2011 12:47 PM
0 Kudos

Hi Bryan,

As you have pasted the log it says Security Warning. It does not seems to be worried unless you have some error over there.

Do you see any error in that log?

Also, I think, you can set the parameter in such a fashion so that it will not open a new file and will overwrite on the same file and hence you can restrict the size. Moreover you can control creation of new file on certain condition such as in every month.

For all those please look into the link I provided in last post.

Currently if you have any error you can paste the log here.

Hope this helps.

Regards,

Sujit.

Former Member
‎03-28-2011 12:53 PM
0 Kudos

The error is the first line of the log...

Error: Protocol error (-21), Error in HTTP Request: 9 http://http_plg.c 4808

Thr 5320 CONNECTION (id=0/1286714):

used: 1, type: 1, role: 1, stateful: 0

NI_HDL: 61, protocol: HTTP(1)

local host: 1.1.1.1:8014 ()

remote host: 2.2.2.2:60755 ()

status: READ_REQUEST

connect time: 25.03.2011 13:30:18

MPI request: <246a8f> MPI response: <246a90>

request_buf_size: 65464 response_buf_size: 0

request_buf_used: 93 response_buf_used: 0

request_buf_offset: 0 response_buf_offset: 0

I'll look to see if I can set a parameter that willl prevent the log from creating new files. I would still like to find out what is generating the "Error: Protocol error (-21)" problem.

Former Member
‎03-28-2011 1:55 PM
0 Kudos

Hi Bryan,

I overlooked the error line. Sorry for that.

Unfortunately I never came across such error which appeared for you.

Do you find anything else about the error apart from the first line. If so

please give the entire log here. Will try to find if some more information is

available.

You can get an overview on security logs from the below link

http://help.sap.com/saphelp_nw04s/helpdata/en/66/d9a942fc51da11e10000000a155106/frameset.htm

So, please share if you have some more information on that error.

May some other expert probably who faced the error can give you clue.

Regards,

Sujit.

JPReyes
Active Contributor
‎03-28-2011 3:09 PM
0 Kudos

Can you check errors in dev_icm and post them here?

Regards

Juan

Former Member
‎03-28-2011 7:30 PM
0 Kudos

Here is what I see in the dev_icm. This message repeats itself over and over as well.

[Thr 2132] Mon Mar 28 13:52:28 2011

[Thr 2132] *** ERROR => Error in HTTP Request: 9 [http_plg.c 4808]

[Thr 2132] Address Offset REQUEST:

[Thr 2132] -

[Thr 2132] 0000000006E773C8 000000 47455420 2f736170 2f62632f 6775692f |GET /sap/bc/gui/|

[Thr 2132] 0000000006E773D8 000016 7361702f 6974732f 69736970 695f736d |sap/its/isipi_sm|

[Thr 2132] 0000000006E773E8 000032 0d0a4854 54502f31 2e300d0a 41757468 |..HTTP/1.0..Auth|

[Thr 2132] 0000000006E773F8 000048 6f72697a 6174696f 6e3a2042 61736963 |orization: Basic|

[Thr 2132] 0000000006E77408 000064 20553163 784d4445 314d4445 364d6d51 | U1cxMDE1MDE6MmQ|

[Thr 2132] 0000000006E77418 000080 7857544d 35574659 3d0d0a0d 0a |xWTM5WFY=.... |

[Thr 2132] -

[Thr 2132] *** ERROR => PlugInHandleNetData: HttpParseRequestHeader failed (rc=701) [http_plg.c 2220]

Former Member
‎03-29-2011 8:03 AM
0 Kudos

Bryan,

Below two links seems to be relevant. Please check the configuration according to the SAP note: 698329.

Please check and let us know if these works !!

Regards,

Sujit.

JPReyes
Active Contributor
‎03-29-2011 9:22 AM
0 Kudos 
GET /sap/bc/gui/sap/its/isipi_sm..HTTP/1.0..Authorization: Basic

Seems like ICM has a partcular issue with authentication when calling transaction ISIPI_SM. Can you call the ITS URL manually and tell us what you see?

Regards

Juan

Former Member
‎03-29-2011 1:30 PM
0 Kudos

Hello Juan -

You mention to access the ITS manually. I can access the webgui via this link. No issues and I get a logon scren that I can access to log into ECC client. Is that sufficient?

http://<server>:<port>/sap/bc/gui/sap/its/webgui

I also looked at note #698329, but do we still think it is relevant since I can access the webgui? If so, I will still go through it and makes sure my configuration matches what is listed in the note.

JPReyes
Active Contributor
‎03-29-2011 1:34 PM
0 Kudos

I would update the kernel and check if condition persist.

Regards

Juan

Ask a Question