Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Will FireFighter send a report to the Controller if no activity was done?

Former Member

‎08-02-2011 9:56 PM

0 Kudos

We have our FF system set up to send out a log report each night to the Controllers. If someone logs into their FFID and then immediately exits back out without doing anything, will the nightly email job (pgm /virsa/zvfat_log_report) report this FF session?

We are on GRC 5.3 SP13.

Thanks.

3 REPLIES 3

Former Member

‎08-03-2011 6:13 AM

0 Kudos

Hi Bob,

Firefighter will have 3 types of logs:

1. Session

2. Transaction

3. Change data.

The answer for your question is a big Yes.

The FF session (Login/Logout) report will be still sent even though user hasn't performed any thing. However, if user executes any transactions, it will be captured by the transaction log.

Change data is when any changes made to the configuration.

Hope this clarifies.

Regards,

Raghu

Former Member
In response to Former Member

‎08-04-2011 6:55 PM

0 Kudos

This appears to not quite be correct, at least not for our version. I've done some testing and it depends on what the user does before they exit back out.

If they log into FF and hit the 'Start SAP EasyAccess' button before they exit, then it generates a record for the SMEN transaction and it will report this.

However if they log into FF and immediately exit out, then it doesn't generate any transaction record and doesn't report this.

It appears that you have to do something (hit a button, enter a transaction, etc.) to get reported.

Thanks.

simon_persin4
Contributor
In response to Former Member

‎08-08-2011 3:26 PM

0 Kudos

Bob,

You are correct. The log will only generate for actual activities performed. If nothing was done, then nothing will be reported.

I did encounter an example of this whereby an auditor requested positive evidence where the FFID was assigned but never used.

The client ended up trawling through SUIM and the audit event logs to prove the lack of FFID logon before finally convincing the auditor to accept the completeness of the SPM Log for any positive actions performed. They took the view that if they logged in without performing anything, then a risk was never actually realised anyway.

Simon