Evaluating the Gateway Log File

Prerequisites

The registration authorization applies to all programs, which means that the reginfo file comprises line TP=*.

Context

The evaluation of the log file provides you with an overview of the communication running through the gateway. You can see which external programs have been started and which have been rejected (with reasons). This enables you to manage your configuration.

If you are using the Logging-Based Setting, after you have evaluated the log file you can adjust the configuration of security files secinfo and reginfo to meet your requirements.

Procedure

Display the contents of the file. You can display the file contents, and save them to your local computer in transaction SMGW. Choose Start of the navigation path Goto Next navigation step Expert Functions Logging End of the navigation path .

Since everything is permitted in secinfo and reginfo, you will only see entries with reginfo accepted and secinfo accepted.

Entries in secinfo accepted are checked against entries in secinfo.

Entries in reginfo accepted are checked against entries in reginfo.

S Wed Aug 01 2007 10:36:52:181 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

S Wed Aug 01 2007 10:37:57:183 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

S Wed Aug 01 2007 10:39:02:185 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

S Wed Aug 01 2007 10:39:05:740 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=gnetx.exe

S Wed Aug 01 2007 10:39:48:577 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=/usr/sap/BIN/SYS/exe/run/tp

Find the entries for the secinfo file.

Entries for secinfo always contain the following components
- USER=<name>: User who wants to start the external program
- USER-HOST=<user host>: Host name from where the Gateway was requested to start the program (when the program is started from the system, the host name is always the name of the application server).
- HOST=<host>: Host on which the program was started.
  
  Special values of <host> are “local” and “internal”.
  
  Local stands for synonymous for all IP addresses of your own host.
  
  Internal stands for synonymous for all IP addresses of all hosts displayed in transaction SM51, as well as all IP addresses of variable SAPDBHOST.
  
  The list is refreshed at each new logon of an instance, as well as every five minutes.
- TP=<program name>: Program name
You could now simply filter out all duplicate entries from the log file and write the remaining entries to the secinfo file. This allows all programs that are running in the environment.

If this means there are a large number of programs, group together entries using appropriate wild cards to make the secinfo file more manageable.

Example

Example of entries in secinfo file

TP=/usr/sap/BIN/SYS/exe/run/* allows all programs in the executable directory of the server to be started

HOST=* Allows programs to be started on any host. This could be restricted to a subnetwork mask or domain name, for example, 10.66.66.* or *.sap.corp

USER=* Allows all users to use the external program.

Caution

With programs started from SAPGUI, the Gateway cannot check whether this SAPGUI is allowed. The IP address of the application server is used to make the check (see next line).

S Wed Aug 01 2007 10:39:05:740 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=host1.wdf.sap.corp, TP=gnetx.exe .
Find the entries for the reginfo file.

Entries for reginfo always contain the following components
- TP=<regi id>: Registration ID of the server program that is being registered
- HOST=<host>: Host from where the server is permitted to log on.
- ACCESS=<host>: Host from which the RFC client is permitted to use a registered program.
- CANCEL=<host>: Host from which the RFC client is permitted to stop a registered program.
You could now simply filter out all duplicate entries from the log file and write the remaining entries to the reginfo file. This allows all programs as they are running in the environment to register.

If there are a large number of programs to register, group together entries using appropriate wild cards to make the reginfo file more manageable.

Example

Example of Entries in reginfo File

TP= IGS.WDFD00146227A HOST=* allows registration of IGS.WDFD00146227A from every host.

TP=Bex* HOST=*sap.corp allows programs with registration ID Bex* to register provided they come from hosts in the SAP network.

Note

If you want to allow access to the registered server, for example, from the local application server only, you have to add ACCESS=local to the entry. To stop the server in transaction SMGW, you need to add CANCEL=local.