Trace Files and Log Files  

RFC runtime information is recorded in the following trace files:

●      RFC Traces: dev_rfc<n>

●      Work Process Traces: dev_w<n>

●      Gateway Traces: dev_rd<n>

The dev_rfc<n> traces are also traced on the external RFC server. The generation of additional traces depends on the concepts used externally.

When communicating using RFC, security-relevant data from RFC function modules (such as password or credit card number) can be displayed in trace files.

Such RFC function modules are, for example, in user administration (BAPI_USER_CREATE1) or RFC destination maintenance (DEST_SET_PASSWORD), but also in many other areas.

You must handle access to these trace files as restrictively as possible.

For work process and gateway traces it is possible to restrict the display of critical data using the corresponding trace level setting.

 

You should use trace level 2 for these trace types to avoid displaying security-critical data.

For RFC traces you can set no trace level, this means that security-relevant data is always visible in the plain text. In this case you must only provide trace files for support purposes to completely trustworthy people.

Activate and Deactivate Traces

You activate RFC traces in transaction SM59. You can use the authorization object S_RFC_ADM to control access to this transaction.

Transaction SM50 allows you to display traces. You control access to traces with the authorization object S_ADMI_FCD (parameter PADM).

More Information

For information on how to activate and deactivate traces, see the following SAP Note:

532918    (RFC Trace Generation)

For an overview of the SAP NW AS trace files, see the following:

Developer Traces