The parameters described here specify the basic settings of the SAP Gateway - startup, execution of remote programs, tracing, etc.
File containing statements to start programs when the gateway starts. This is useful if CPIC/RFC server programs are always to run. When the gateway is restarted, these programs are started as well.
To start the gateway on another host you can use a remote shell or a secure shell.
Default Setting |
- |
Unit |
File name |
Dynamic |
No |
Start program locally local program [parameter ...]
Starting a program on another computer (using remote shell, or the value of the gw/remsh parameter, or using secure shell or the value of gw/ssh):
[REMSH|SSH] host name program [parameter ...]
;*! can be used as comment characters. The individual parameters in the file must be separated by tabs.
For parameters gwhost and gwserv, macros $(GWHOST)and $(GWSERV) can be used. They are replaced by the current host name and gateway service (sapgw<xx>).
With the GWCHECK option you can activate monitoring of the program started by the gateway. If the program terminates, it is automatically restarted by the gateway.
Example
In Windows options (starting with '-' ) or strings containing a '/' have to be placed within quotation marks, for example:
hw1439 "/priv/cpict2" "-tp" cpict2 "-gwhost" p29290 "-gwserv" sapgw53
; start local program ( registers using ID on gateway ; cpicsrc on gateway running locally and responding to service ; sapgw53) local /usr/sap/BIN/SYS/exe/run/cpicserver -tp cpicsrv -gwhost uw1033 -gwserv sapgw53 ; start program remotely hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53 ; start remote program with remote shell [REMSH] hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53 ; start remote program with secure shell SSH hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53 ; start local program and activate gateway ; switch on. This monitoring is activated with ; keyword GWCHECK. If the ; program terminates, it is automatically restarted by the gateway. local GWCHECK /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53 |
Determines the directory in which the gateway starts programs:
0: Start in work directory (work)
1: Start in home directory
Caution
This parameter is not valid for Microsoft Windows. Here, programs are always started in the work directory.
Default Setting |
1 |
Unit |
Truth value |
Dynamic |
Yes |
Specifies whether the trace level of a CPIC or RFC connection should be transferred. In order to prevent misuse, you can use this parameter to prevent the trace level from being transferred within the gateway.
0: Trace level is not allowed to be accepted
1: Transfer trace level allowed
Default Setting |
1 |
Unit |
Truth value |
Dynamic |
Yes |
Determines how remote CPIC programs are to be started:
REMOTE_SHELL : Start via remote shell
SSH_SHELL: Start via secure shell
REXEC: Start via rexec (UNIX only!)
DISABLED: Deactivate remote activation of programs
Remote programs to be started via remote shell always run under the gateway identification. If remote programs are started using rexec, they run under the identification defined by the parameters SAPUSERNAME and SAPPASSWORD.
Default Setting |
REMOTE_SHELL |
Unit |
Special string |
Dynamic |
Yes(*) |
(*) but only if changing the parameter affords increased security, thus REMOTE_SHELL -> DISABLED or REXEC -> DISABLED is allowed, whereas DISABLED -> REMOTE_SHELL or DIABLED -> REXEC is not.
If programs are started using rexec, blockages may occur in the gateway. To make it easier to analyze any blockages, a warning is written to the trace file once the time has exceeded by five seconds. This check is also made for remote shell calls.
The value 0 deactivates this check.
Default Setting |
5 (seconds) |
Unit |
Seconds |
Dynamic |
Yes |
Identification for starting remote CPIC programs using rexec.
Default Setting |
- |
Unit |
Character String |
Dynamic |
No |
Identification for starting remote CPIC programs using rexec.
Default Setting |
- |
Unit |
Character String |
Dynamic |
No |
Specifies the call path of the remote shell to start programs on other hosts. If the variable USER is defined in the environment, then the value with -l <value> is transferred to the remote shell.
Default Setting |
HP |
/usr/bin/remsh |
Linux |
/usr/bin/remsh |
|
SNI |
/usr/bin/remsh |
|
AIX |
/usr/ucb/remsh |
|
OSF1 |
/usr/ucb/rsh |
|
SUN |
/bin/rsh |
|
OS/2 |
rsh |
|
Windows |
rsh |
|
Otherwise |
remsh |
|
Unit |
Data path |
|
Dynamic |
No |
Specifies the call path of the secure shell to start programs on other hosts.
Default Setting |
HP |
usr/bin/ssh |
Linux |
usr/bin/ssh |
|
AIX |
/usr/ucb/ssh |
|
OSF1 |
/usr/ucb/ssh |
|
SUN |
/bin/ssh |
|
OS/2 |
ssh |
|
Windows |
ssh |
|
Otherwise |
ssh |
|
Unit |
Data path |
|
Dynamic |
No |
Determines the status of the gateway statistics after starting the gateway. The gateway statistics can be evaluated using the gateway monitor (gwmon or transaction SMGW), and can be changed dynamically.
0: Statistics deactivated
1: Statistics active
Default Setting |
0 |
Unit |
Truth value |
Dynamic |
Yes |
This parameter determines whether the gateway should communicate with the monitor locally or remotely.
0 : No monitor commands allowed
1: Only monitor commands from the local monitors accepted
2: Commands from local and remote monitors accepted
Default Setting |
1 |
Unit |
Integer: 0,1,2 |
Dynamic |
Yes(*) |
(*) but only if changing the parameter affords increased security, thus 2 -> 1 is allowed, 1 -> 2 is not allowed.
With this parameter you can configure gateway logging. You can specify whether the gateway writes its actions to a log file, which types of actions are logged, and how the file is renamed. You have the options to define a maximum size for the file, and to specify whether old files are overwritten.
Recommendation
If the gateway is running in an AS ABAP instance, we recommend you make settings for gateway logging in the gateway monitor (transaction SMGW). If you want to make permanent logging settings so that it works again after the instance has been restarted, you have to set this parameter in the profile.
You must set the parameter as follows:
Syntax
gw/logging = LOGFILE=<name> ACTION=[TERSMPXVCO] [MAXSIZEKB=n] [SWITCHTF=t] [FILEWRAP=on]
The meaning of the individual elements is as follows:
LOGFILE: File name of the log file
ACTION: The character sequence (subset from TERSMPXVCO) specifies the actions to log.
MAXSIZEKB (optional): Maximum file size As soon as the file exceeds this size, a new file is opened, whereby the new file name can change if special characters are used. This happens unless a condition was specified for SWITCHTF that applies first.
SWITCHTF (optional): Opens a new file after a specific time period, unless a condition was specified for MAXSIZEKB that applies first.
The following values can be specified:
year: After one year a new file is opened
month: After one month
week: After one week
day: After one day
hour: After one hour
FILEWRAP (optional): Reuse file This parameter can only have value ON. If this value is set, no new file is written, but the one already open is reset and rewritten to. The values for parameter LOGFILE are only used the first time the file is opened.
Use this parameter to specify the proxy settings of the gateway.
For instance, you can specify restrictions for forwarding requests from other gateways. Requests can be forwarded to other gateways if the gateway options are defined for the RFC destination, or if load distribution is activated.
By making entries in the file you can permit or deny processing of requests from specific gateways.
Each line indicates permitted or denied connections. Each line must have the following syntax:
Syntax
P D SOURCE=hosta DEST=hostb
The first character must be a P(permit) or a D(deny).
P: These entries indicate permitted connections.
D: These entries indicate denied connections.
For SOURCE and DEST lists of host names, IP addresses, subnetwork masks and/or domain names can be specified. These entries must be separated by a comma.
A port number can also be included. If it is, then only requests from the specified system are accepted or rejected. The port number must be the number of the gateway, for example, 3300 for the system with number 00. Wild cards are not permitted.
Example
P SOURCE=saphosta DEST=saphostb
D SOURCE=saphosta:3300 DEST=saphostb
D SOURCE=10.18.54.56 DEST=10.18.55.*
P SOURCE=*.sap.com DEST=*.sap.com
P SOURCE=*.sap.com,*sap.corp DEST=*
If a request arrives from another gateway and is to be forwarded, the file is searched sequentially and stopped at the first matching entry. In accordance with the entry, the request is forwarded or rejected.
If no matching entry is found, the request is rejected.
If the file does not exist, all requests are forwarded.
Default Setting |
/usr/sap/<SID>/<instance>/data/prxyinfo |
Unit |
File name |
Dynamic |
No |