Configuration Settings for the Error Log

You can configure the Error Log for SAP Gateway to suit your requirements.

As default, error items are stored in the error log for a duration of 14 days starting from the date on which the error occurred. If you want to change the number of days for which the error log stores recorded error items, choose  Error Log  Global Configuration . On the SAP GW Support Utilities: Global Configuration screen, enter the relevant number of days that the error log is to store error items and save your new setting. To further influence the amount of data stored in the Error Log, you can specify whether or not the error information is to be aggregated. If you do not want the error information to be aggregated, deselect the Aggregate by Service, User, and Error checkbox. Expired Error Log items are deleted from the SAP Gateway framework by calling the Clear Cache activity from the SAP Implementation Guide.

If you want to change the expiry date for one or more error items only, as opposed to changing the global setting for the entire error log, select the relevant error items for which you want to change the expiry date and choose the Change Expiry Date icon. In the Set Expiry Date dialog box, enter the new expiry date and confirm the new date.

Two security levels are available for the Error Log:

• Secure: This default level enables you to perform a first-level problem analysis. Errors returned by the provider application are not recorded in the log. In case of technical problems, one or more error log entries are recorded, but they do not include the service name, HTTP request or response payload, for example.

  Note

  If the log level Secure is chosen, messages are logged without message variables, because variables may contain sensitive business data.

• Full: No limitation. This security level enables you to perform detailed problem analyses and obtain information about the affected service request.

Use transaction SICF with the assigned authorization object S_ADMI_FCD with parameter PADM to activate, deactivate, and display HTTP traces containing the whole request and response payload. You need this authorization object to configure the log level and display sensitive details about errors contained in the Error Log.

To configure the security levels for the Error Log, proceed as follows:

1. Run transaction /IWFND/ERROR_LOG in an SAP Gateway hub system or /IWBEP/ERROR_LOG in an SAP Business Suite backend system.

2. Choose  Error Log  Global Configuration . A dialog box is displayed in which you can change the security level. The setting you make here is effective for all users of the current SAP client and is valid until any future changes are made.

Even if the security level has been configured for the current client, you can change the log level for a specific user so that more detailed error analyses are possible. To change the security level for a specific user, proceed as follows:

1. Run transaction /IWFND/TRACES in an SAP Gateway hub system or /IWBEP/TRACES in an SAP Business Suite backend system.

2. Choose Add User.

3. Enter the user name.

4. Change the Error Log Level from Secure to Full.

5. Choose Save Configuration.

   This adjusted user setting is valid for 2 hours.

If a log entry has been written with log level Secure, sensitive data is shown as Hide due to secure log level.

If a log entry has been written with log level Full, but the authorization object S_ADMI_FCD with parameter PADM is not assigned to the current user, sensitive data is shown as No authority to see detail.

If you want to replay a service request, the whole request payload is required. Consequently, you can only replay a service request for log entries written with log level Full. Furthermore, the authorization object S_ADMI_FCD with parameter PADM must be assigned to the current user in order for the user to replay a service request from within the Error Log.