Show TOC

Evaluating the Log File of SAProuter Locate this document in the navigation structure

The log file is structured line by line. Each line contains the following information:

  • Date and Time (week day, month, day, time, year)

  • Action:
    • INIT LOGFILE (start of log file)
    • READ ROUTTAB (read route permission table)
    • CONNECT FROM/TO (open connection from/to). The IP address and port always refer to the connection's counter page (peer).
    • DISCONNECT (close connection)
    • PERM DENIED (connection not permitted in accordance with route permission table)
  • Handle Pair: <C|S>n/m. The letter indicates whether the action was initialized by the client (C) or by the server (S). The two numbers are internal NI handle numbers: The first number means the connection with the handle to the client, and the second number means the connection with the handle to the server. A log with a handle pair C1/- means that no server-side connection between a pair exists yet.

Example

Assume that logging was activated and the following actions were executed through the SAProuter. The SAProuter stands between the physical hosts ldp007 with the IP address 10.21.72.60 and binmain (IP address 10.21.82.77).

  1. Connection is opened between host ldp007 (10.21.72.60) and host binmain (10.21.82.77) with port sapmsBIN, which is closed by the client again.

  2. Administrator calls up local SAProuter to display the list of connections ( saprouter -l).

  3. Connection is established between host ldp007 (10.21.72.60) and the same host ldp007 with port 3298, which is closed by the server again.

  4. Attempt to open connection from host ldp007 (10.21.72.60) to the same host with telnet port 23 is rejected by the SAProuter.

The route permission table in this example allows connections from any host to host 10.21.82.77 with port sapmsBIN, as well as to host 10.21.72.60 with port 3298:

P * 10.21.82.77 sapmsBIN

P * 10.21.72.60 3298

After these actions have been executed, the log file would look like:

(1) Wed Dec 7 13:13:59 2005 INIT LOGFILE

(2) Wed Dec 7 13:13:59 2005 READ ROUTTAB ./saprouttab o.k.

(3) Wed Dec 7 13:14:05 2005 CONNECT FROM C1/- host 10.21.72.60/1245 (ldp007.wdf.sap.corp)

(4) Wed Dec 7 13:14:05 2005 CONNECT TO S1/2 host 10.21.82.77/sapmsBIN (binmain)

(5) Wed Dec 7 13:14:05 2005 DISCONNECT C1/2 host 10.21.72.60/1245 (ldp007.wdf.sap.corp)

(6) Wed Dec 7 13:14:13 2005 CONNECT FROM C2/- host 127.0.0.1/44997 (local host)

(7) Wed Dec 7 13:14:13 2005 SEND INFO TO C2/-

(8) Wed Dec 7 13:14:13 2005 DISCONNECT C2/- host 127.0.0.1/44997 (localhost)

(9) Wed Dec 7 13:14:23 2005 CONNECT FROM C2/- host 10.21.72.60/1276 (ldp007.wdf.sap.corp)

(10) Wed Dec 7 13:14:23 2005 CONNECT TO S2/1 host 10.21.72.60/3298 (ldp007)

(11) Wed Dec 7 13:14:24 2005 DISCONNECT S2/1 host 10.21.72.60/3298 (ldp007)

(12) Wed Dec 7 13:14:31 2005 CONNECT FROM C2/- host 10.21.72.60/1352 (ldp007.wdf.sap.corp)

(13) Wed Dec 7 13:14:31 2005 PERM DENIED C2/- host 10.21.72.60 (ldp007.wdf.sap.corp) to ldp007/23

(14) Wed Dec 7 13:14:31 2005 DISCONNECT C2/- host 10.21.72.60/1352 (ldp007.wdf.sap.corp)

Note The line numbers are not displayed, but are added here to help with the description.

The lines mean the following:

Line(s)

Meaning

(1), (2)

The first two lines are always at the start of the log file. The first line marks the start, the second means that the route permission table has been read in successfully.

(3), (4)

The client (host 10.21.72.60, port 1245) connects to the SAProuter and through this host it can connect to host 10.21.82.77, port sapmsBIN, since this connection is permitted according to the route permission table.

(5)

The connection between host 10.21.72.60, port 1245 and host 110.21.82.77, port sapmsBIN is closed by the client.

(6)

On the local host (IP address 127.0.0.1, port 44997) the connection list display is called up (saprouter -l). The connection is opened with the SAProuter.

(7)

The SAProuter sends the client the requested connection information.

(8)

The connection is closed again. As it is not a client/server connection via the SAProuter, the connection is closed by the SAProuter.

(9), (10)

Client host 10.21.72.60, port 1276 wants to connect to server 10.21.72.60, port 3298 via the SAProuter, which is permitted according to the route permission table. The SAProuter opens the connection.

(11)

The connection is closed again (from the server).

(12), (13)

Client host 10.21.72.60, port 1352 wants to connect to server 10.21.72.60, port 23 (telnet) via the SAProuter, which is not permitted according to the route permission table. The SAProuter returns message, "permission denied".

(14)

The connection is closed by the SAProuter. (With unpermitted connections and in error situations the SAProuter closes the connections.)