Show TOC

Application Log SettingsLocate this document in the navigation structure

Defining Application Log Settings

SAP security standards stipulate that access to sensitive business data must be logged in SAP products. SAP Gateway enables the Application Log to fulfill this security requirement. To fulfill these requirements, SAP Gateway logs the ID and the field name of the retrieved business objects. Read access logs for SAP Gateway are created in the core software component for SAP Gateway, SAP_GWFND.

To activate the logging mechanism, you must set the log level you want to be used for the Application Log. You can set the log level globally for all users or alternatively for specific users only. To set the required log level, launch the SAP Customizing Implementation Guide (transaction SPRO) and choose, Start of the navigation path SAP NetWeaver Next navigation step OData Channel Next navigation step Administration Next navigation step Logging Settings Next navigation step Set Log Level for All Users End of the navigation path or Set Log Level for Specific Users.

To permit the creation of read access logs, you must select one of the following levels:

  • A = All

    Messages of type Information, Warning, Security, and Error are saved to the Application Log.

  • I = Step Completion Information

    Messages of type Step Completion Information, Warning, Security, and Error are saved to the Application Log. Messages of type Step Initiation Information are omitted.

  • W = Error, Security, Warning

    Message of type Error, Security, and Warning are saved to the Application Log.

  • S = Error, Security

    Messages of type Error and Security are saved to the Application Log. Messages of type Step Initiation Information and Step Completion Information are omitted.

You must select one of the above log levels to ensure that read access logs are written.

Note

The following log levels also exist, but they do not permit the creation of read access logs.

Error: Messages of type Error are saved in the Application Log. Messages of type Warning, Security, Step Initiation Information, and Step Completion Information are omitted.

None: No messages are created or saved.

Searching for Logs

Use the Application Log Viewer (transaction /IWFND/APPS_LOG) to view read access logs written to the Application Log. For more information, see Application Log Viewer.

In the Application Log Viewer, fill out the relevant input fields on the selection screen to specify the list of log protocols you want to display. All read access log messages are of type Information and have the corresponding long text, Entity disclosed to client in the response. See details. The long text provides details about the disclosed business object, namely the object ID and the field names that were requested. The log never stores the actual values of the business object fields that were requested.

Note

  • SAP Gateway does not provide service-based configuration to specify which fields are to be written to the log and whether the values shall be recorded.

  • Read access logging can only be activated or deactivated by setting the appropriate log levels as described in this topic. SAP Gateway does not provide service-based configuration options.

  • Read access logs must be viewed in the Application Log Viewer (transaction /IWFND/APPS_LOG).

Deleting Logs

Logs are deleted regularly by automatically scheduled jobs. For more information about clearing logs written to the Application Log Viewer, see Periodical Tasks and refer to the Cache Settings section that explains how default cleanup jobs are created.

More Information