03-14-2007 4:53 AM
Hi,
Can any one provide me info regarding the files which are available for logging important security events and helping administrators with troubleshooting in NW.
Thanks
03-14-2007 5:06 AM
Security log
Location in Log Viewer: ./log/system/security.<n>.log
Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\system\security.<n>.log
● Security audit log
The security audit log is part of the security log. The category System/Security/Audit in the log entries of the security log.
● Trace files
Location in Log Viewer: ./log/defaultTrace.<n>.trc
Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\server0\log\defaultTrace.<n>.trc
This file contains all the trace information for the whole server and includes trace information for user management engine (UME) libraries and the UME Provider (com.sap.security.core.ume.service). The information in this file is on a very fine-granular level and includes exceptions, warnings, and debugging information. It is mainly required by the SAP support team.
● Directory server logs
When you use an LDAP directory server as a data source for the UME, you can configure log files to monitor and troubleshoot the connections.
The directory server access log records the duration and type of requests made to the directory server configured as data source for the user management engine (UME).
When enabled, the UME creates the directory server access log file, sapum.access.audit, in the following location:
<drive>:\usr\sap\<SID>\<instance>\j2ee\cluster\server<n>
When you restart the SAP NetWeaver Application Server (AS) Java, the system checks for the existence of a previous log. If a log exists, the system appends a time stamp to the file name and creates a new log file.
● When enabled, the UME creates the directory server connection pool log file, sapum_cpmon_<hostname>_<port>_<object_ID>.log, in the following location:
<drive:>\usr\sap\<SID>\<instance>\j2ee\cluster\server<n>
The file name uses the following syntax:
sap.um_cpmon_<hostname>_<port>_<objectID>.log
Hostname and port refer to the directory server. Object ID refers to the object class; the default values are GRUP, UACC, and USER.
When you restart the SAP NetWeaver Application Server (AS) Java, the system overwrites the log files.
● Viewing Logging and Trace Files in the Log Viewer
1. In the Visual Administrator, on the Cluster tab, choose <system_id> u00AE Server u00AE Services u00AE LogViewer.
2. Make sure the Runtime tab is displayed.
3. In the navigation tree, choose Cluster u00AE Server u00AE <ASJava_installation_directory> and navigate to the required file.
● Configuring the Log Viewer
You can change the severity level of logging and tracing using the log configuration services in the Visual Administrator.
1. In the Visual Administrator, on the Cluster tab, choose <system_id> u00AE Server u00AE Services u00AE Log Configurator.
2. Choose the configuration you want to change.
u00A1 For security logging, choose Categories u00AE Root Category u00AE System u00AE Security u00AE Audit.
u00A1 For tracing, switch to advanced mode and choose Locations u00AE Root location u00AE com u00AE sap u00AE security.
3. Change the severity level as required.
a. Select the required package and choose Edit.
b. Under Severity change the severity settings.
The new severity level will be activated immediately. You do not have to restart the server.
● Entries in the log file for security Audit log for Java:
Each entry in the log file has the following format:
[TimeStamp] | [Severity] | [Actor] | [Event] | [ObjectType] = [ObjectID] | [ObjectName] | [Details]
Example: Feb 12, 2003 6:20:48 PM | Info | <systemuser> | LOGIN.OK | USER = | TestUser02
Thanks
*pls give points if find usefull
03-14-2007 5:06 AM
Security log
Location in Log Viewer: ./log/system/security.<n>.log
Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\system\security.<n>.log
● Security audit log
The security audit log is part of the security log. The category System/Security/Audit in the log entries of the security log.
● Trace files
Location in Log Viewer: ./log/defaultTrace.<n>.trc
Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\server0\log\defaultTrace.<n>.trc
This file contains all the trace information for the whole server and includes trace information for user management engine (UME) libraries and the UME Provider (com.sap.security.core.ume.service). The information in this file is on a very fine-granular level and includes exceptions, warnings, and debugging information. It is mainly required by the SAP support team.
● Directory server logs
When you use an LDAP directory server as a data source for the UME, you can configure log files to monitor and troubleshoot the connections.
The directory server access log records the duration and type of requests made to the directory server configured as data source for the user management engine (UME).
When enabled, the UME creates the directory server access log file, sapum.access.audit, in the following location:
<drive>:\usr\sap\<SID>\<instance>\j2ee\cluster\server<n>
When you restart the SAP NetWeaver Application Server (AS) Java, the system checks for the existence of a previous log. If a log exists, the system appends a time stamp to the file name and creates a new log file.
● When enabled, the UME creates the directory server connection pool log file, sapum_cpmon_<hostname>_<port>_<object_ID>.log, in the following location:
<drive:>\usr\sap\<SID>\<instance>\j2ee\cluster\server<n>
The file name uses the following syntax:
sap.um_cpmon_<hostname>_<port>_<objectID>.log
Hostname and port refer to the directory server. Object ID refers to the object class; the default values are GRUP, UACC, and USER.
When you restart the SAP NetWeaver Application Server (AS) Java, the system overwrites the log files.
● Viewing Logging and Trace Files in the Log Viewer
1. In the Visual Administrator, on the Cluster tab, choose <system_id> u00AE Server u00AE Services u00AE LogViewer.
2. Make sure the Runtime tab is displayed.
3. In the navigation tree, choose Cluster u00AE Server u00AE <ASJava_installation_directory> and navigate to the required file.
● Configuring the Log Viewer
You can change the severity level of logging and tracing using the log configuration services in the Visual Administrator.
1. In the Visual Administrator, on the Cluster tab, choose <system_id> u00AE Server u00AE Services u00AE Log Configurator.
2. Choose the configuration you want to change.
u00A1 For security logging, choose Categories u00AE Root Category u00AE System u00AE Security u00AE Audit.
u00A1 For tracing, switch to advanced mode and choose Locations u00AE Root location u00AE com u00AE sap u00AE security.
3. Change the severity level as required.
a. Select the required package and choose Edit.
b. Under Severity change the severity settings.
The new severity level will be activated immediately. You do not have to restart the server.
● Entries in the log file for security Audit log for Java:
Each entry in the log file has the following format:
[TimeStamp] | [Severity] | [Actor] | [Event] | [ObjectType] = [ObjectID] | [ObjectName] | [Details]
Example: Feb 12, 2003 6:20:48 PM | Info | <systemuser> | LOGIN.OK | USER = | TestUser02
Thanks
*pls give points if find usefull