Logging and tracing are important elements for securing your application server systems. Logs are important for monitoring the security of your system and to track events if problems occur, as well as for auditing the correct usage of the system.
Keep in mind the difference between logs and traces. Logs are mainly addressed to an administrator of a customer system, while traces are addressed to a developer and support organization. Write into logs only messages that are important for an administrator who supervises the system during normal operation. Write into traces everything that might be important for tracing erroneous behavior.
The SAP Logging API offers high quality support for common practices in logging:
The SAP Logging API is provided through the Java package com.sap.tc.logging , with all functionality for both tracing and events logging.
For more information on using logs and traces on the AS Java, see Logging and Tracing .
All applications should have a proper logging and tracing. For security reasons, we recommend that you log security-related events that have occurred in the system. One example of events of this type is unsuccessful authorization checks. Another example is any malicious actions, such as attempting to call objects even if these objects have been locked. Use the built-in SAP Logging API.
The AS Java provides an easy mechanism for configuring the behavior and output of logging without having to write Java source code. For example, if you want to generate more or fewer log messages, this depends on their diagnosis level. Sometimes you may also want to change the output destination, or even the format of the message. These can all be specified separately and dynamically integrated with the program. You do not have to recompile the source code.
The general procedure for you is as follows:
The message is produced and sent to the destination only when the severity of the message is equal to or higher than the source. From a developer's point of view, the focus is on steps 1, 4, and 5 defined above. The other steps are ultimately more or less determined and configured by the operators/end-users.
For more information about the SAP Logging API, see SAP Logging API .
See also the Logging Quick Guide and How to Write Useful Log and Trace Messages .
When using logging for an audit log, consider the following issues: