Security Log
Use
Administrators can use the security log to help identify any potential unauthorized access to the system. The security log is configured with the parameter icm/security_log.
The following irregularities are logged:
-
Data with invalid syntax
-
Attempted access to objects that do not exist (NOT found)
-
Access to objects that is not permitted due to filter rules (permission denied)
-
Logon errors to Web administration (in ICM and Web Dispatcher)
Examples of Log Entries
-
Error: Permission denied (-13), authorization failed for user >sap< [http_auth_mt.c 745]
-
Error: Protocol error (-21), illegal request version: 1009
-
Error: Protocol error (-21), NULL bytes in HTTP request [http_plg_mt.c 4037]
Depending on the configuration the data that gave rise to the log entry is also output:
[Thr 5126] ------------------------------------------------------------------------
[Thr 5126] 0x47a8b614 000000 47455420 2f736170 2f62632f 6273702f |GET /sap/bc/bsp/|
[Thr 5126] 0x47a8b624 000016 7361702f 69743035 20485454 502f312e |sap/it05 HTTP/1.|
[Thr 5126] 0x47a8b634 000032 310d0a68 6f73743a 206c6470 3030372e |1..host: ldp007.|
...