Logging and Tracing

Use

The following files are available for logging important security events and helping administrators with troubleshooting:

  • Security logging

    Location in Log Viewer: ./log/system/security.<n>.log

    Location in file system: \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<n>\log\system\security.<n>.log

    This file contains the log entries of a number of security related services, including the following:

    • Authentication

    • Destination service

    • User Management

    • Virus Scanner Interface

    • Web Services

    • Successful and failed user logons and logouts (LOGON.OK, LOGON.FAILED, LOGOUT.OK, LOGOUT.FAILED)

  • Security audit log

    This file contains a log of important security events, such as creation or modification of users, groups and roles.

    More information: Security Audit Log of the AS Java .

  • Trace files

    Location in Log Viewer: ./log/defaultTrace.<n>.trc

    Location in file system: \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<n>\log\defaultTrace.<n>.trc

    This file contains all the trace information for the whole server and includes trace information for user management engine (UME) libraries and the UME provider ( com.sap.security.core.ume.service). The information in this file is on a fine-granular level and includes exceptions, warnings, and debugging information. It is mainly required by SAP support.

  • Change log

    Location in file system: \usr\sap\<SID>\<instance_number>\j2ee\cluster\changelog

    The change log contains changes that were done manually in the SAP NetWeaver Administrator, such as creating, deleting or modifying a policy configuration, creating, deleting or modifying a keystore view, and so on. The change log contains information about what was changed, who changed it, what was the old value and what is the new value.

  • Directory server logs

    When you use an LDAP directory server as a data source for the UME, you can configure log files to monitor and troubleshoot the connections.

    More information:

Viewing Log and Trace Files in the Log Viewer

Use SAP NetWeaver Administrator to view log and trace files. SAP NetWeaver Administrator provides a predefined security view.

More information:

Configuring the Log Viewer

Use SAP NetWeaver Administrator to configure log and trace files.

More information: Configuring Log Controllers .