Show TOC Entering content frame

Background documentation Logging and Tracing Locate the document in its SAP Library structure

Logging and Trace Files

The following files are available for logging important security events and helping administrators with troubleshooting:

     Security Logging

Location in Log Viewer: ./log/system/security.<n>.log

Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\serverX\log\system\security.<n>.log

This file contains a log of important security events, such as successful and failed user logons, and creation or modification of users, groups and roles. For a complete list of events that are logged and the format in which they are logged, see What is Logged?.

     Trace Files

Location in Log Viewer: ./log/defaultTrace.<n>.trc

Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\server0\log\defaultTrace.<n>.trc

This file contains all the trace information for the whole server and includes trace information for UME libraries and the UME Provider (com.sap.security.core.ume.service). The information in this file is on a very fine-granular level and includes exceptions, warnings, and debugging information. It is mainly required by the SAP support team.

     Directory Server Logging

When you use an LDAP directory server as a data source for the User Management Engine (UME), you can configure log files to monitor and troubleshoot the connections. For more information, see the following:

     Directory Server Access Log

     Directory Server Connection Pool Log

Viewing Logging and Trace Files in the Log Viewer

...

       1.      In the Visual Administrator, on the Cluster tab, choose <system_id> ® Server ® Services ® LogViewer.

       2.      Make sure the Runtime tab is displayed.

       3.      In the navigation tree, choose Cluster ® Server ® <J2EE_installation_directory> and navigate to the required file.

Configuring the Log Viewer

You can change the severity level of logging and tracing using the log configuration services in the Visual Administrator.

...

       1.      In the Visual Administrator, on the Cluster tab, choose <system_id>  ® Server ® Services ® Log Configurator.   

       2.      Choose the configuration you want to change.

¡        For security logging, choose Categories ® Root Category ® System ® Security ® Audit.

¡        For tracing, switch to advanced mode and choose Locations ® Root location ® com ® sap ® security.

       3.      Change the severity level as required.

                            a.      Select the required package and choose Edit.

                            b.      Under Severity change the severity settings.

The new severity level will be activated immediately. You do not have to restart the server.

Configuring Security Logging

You can use UME properties to configure what is logged. The following options are available:

     Log the object ID of an event.

     Disable the logging of the actor of an event, only anonymous is recorded.

     Disable the logging of the client host address.

     Log the client hostname.

For more information about editing UME properties, see Editing UME Properties.

For more information about UME properties relevant to UME properties, see Security Audit.

Leaving content frame