
Evaluating the Log File

 

To make optimal security settings for the gateway, we recommend you let gateway logging run for a while, and use the generated log file as a basis for the evaluation.

Once you have evaluated the log file, you can modify the configuration to meet your requirements.

Prerequisites

You have followed the preceding steps in section Making Security Settings for External Programs.

Procedure

  1. Display the contents of the file. You can display the file contents, and save them to your local computer in transaction SMGW. Choose Goto → Expert Functions → Logging.

    Since everything is permitted in secinfo and reginfo, you will only see entries with reginfo accepted and secinfo accepted.

    Entries in secinfo accepted are checked against entries in secinfo.

    Entries in reginfo accepted are checked against entries in reginfo.

    Example of an Excerpt from a Log File

    S Wed Aug 01 2007 10:36:52:181 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

    S Wed Aug 01 2007 10:37:57:183 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

    S Wed Aug 01 2007 10:39:02:185 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A

    S Wed Aug 01 2007 10:39:05:740 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=gnetx.exe

    S Wed Aug 01 2007 10:39:48:577 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=/usr/sap/BIN/SYS/exe/run/tp

  2. Find the entries for the secinfo file.

    Entries for secinfo always contain the following components:

    • USER=<name>: User who wants to start the external program

    • USER-HOST=<user host>: Host name from where the gateway was requested to start the program (when the program is started from the system, the host name is always the name of the application server).

    • HOST=<host>: Host on which the program was started.

    • TP=<program name>: Program name

    You could now simply filter out all duplicate entries from the log file and write the remaining entries to the secinfo file. This allows all programs that are running in the environment.

    If this means there are a large number of programs, group together entries using appropriate wild cards to make the secinfo file more manageable.

    Example

    Example of Entries in secinfo File

    TP=/usr/sap/BIN/SYS/exe/run/* allows all programs in the executable directory of the server to be started.

    HOST=* allows programs to be started on any host. This could be restricted to a subnetwork mask or domain name, for example, 10.66.66.* or *.sap.corp.

    USER=* allows all users to use the external program.

    End of the example.

    Caution

    With programs started from SAPGUI, the gateway cannot check whether this SAPGUI is allowed. The IP address of the application server is used to make the check (see next line).

    S Wed Aug 01 2007 10:39:05:740 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=host1.wdf.sap.corp, TP=gnetx.exe

    End of the caution.
  3. Find the entries for the reginfo file.

    Entries for reginfo always contain the following components:

    • TP=<regi id>: Registration ID of the server program that is being registered

    • HOST=<host>: Host from where the server is logging on.

    You could now simply filter out all duplicate entries from the log file and write the remaining entries to the reginfo file. This allows all programs that are running in the environment to register.

    If there are a large number of programs to register, group together entries using appropriate wild cards to make the reginfo file more manageable.

    Example

    Example of Entries in reginfo File

    TP=IGS.WDFD00146227A HOST=* allows registration of IGS.WDFD00146227A from every host.

    TP=Bex* HOST=*sap.corp allows programs with registration ID Bex* to register provided they come from hosts in the SAP network.

    End of the example.

    Note

    If you want to allow access to the registered server, for example, from the local application server only, you have to add ACCESS=local to the entry. To terminate the server from transaction SMGW, you need to add CANCEL=local.

    End of the note.
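
The duplicate filtering described in steps 2 and 3, as an added example that is not part of the original SAP documentation: it parses the "accepted" lines in the format of the excerpt above and returns each distinct entry with its hit count, so rarely seen programs can be reviewed before they are allowed. The function names and the component order in the output are assumptions; the exact line syntax of the secinfo and reginfo files is not shown on this page, so treat the output as review material rather than a finished file.

```python
import re
from collections import Counter

# Constructed sample input: the five lines of the log excerpt on this page.
SAMPLE_LOG = """\
S Wed Aug 01 2007 10:36:52:181 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A
S Wed Aug 01 2007 10:37:57:183 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A
S Wed Aug 01 2007 10:39:02:185 reginfo accepted server: TP=IGS.WDFD00146227A, HOST=WDFD00146227A
S Wed Aug 01 2007 10:39:05:740 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=gnetx.exe
S Wed Aug 01 2007 10:39:48:577 secinfo accepted: USER=MUSTER, USER-HOST=host1.wdf.sap.corp, HOST=ld8061.wdf.sap.corp, TP=/usr/sap/BIN/SYS/exe/run/tp
"""

# Matches "<file> accepted:" and "<file> accepted server:" and captures the field list.
ACCEPTED = re.compile(r"\b(secinfo|reginfo) accepted(?: server)?:\s*(.*)$")

# Components each entry must carry, per steps 2 and 3 (output order is an assumption).
REQUIRED = {"secinfo": ("TP", "USER", "HOST", "USER-HOST"), "reginfo": ("TP", "HOST")}

def parse_line(line):
    """Return (file, {key: value}) for an 'accepted' log line, otherwise None."""
    match = ACCEPTED.search(line.strip())
    if match is None:
        return None
    fields = {}
    for part in match.group(2).split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return match.group(1), fields

def candidates(log_text):
    """Deduplicate accepted entries; return {file: Counter(entry -> hit count)}."""
    result = {"secinfo": Counter(), "reginfo": Counter()}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, fields = parsed
        if any(key not in fields for key in REQUIRED[kind]):
            continue  # incomplete entry: skip it rather than guess a value
        result[kind][" ".join(f"{k}={fields[k]}" for k in REQUIRED[kind])] += 1
    return result

if __name__ == "__main__":
    for kind, counter in candidates(SAMPLE_LOG).items():
        for entry, hits in sorted(counter.items()):
            print(f"{kind}: {entry}  (seen {hits}x)")
```

Entries with a low hit count are the ones to check by hand before grouping anything under a wildcard.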