Show TOC Start of Content Area

Background documentation Auditing  Locate the document in its SAP Library structure

Security Audit Log

SAP NetWeaver PI uses the standard security audit log of both AS ABAP and AS Java.

More information:

      ABAP: Security Audit Log

      Java: Viewing Specific Security Views

Design and Configuration Time

For auditing reasons, it is important to know who made a change to a design time object in the Enterprise Services Repository or to a configuration time object in the Integration Directory. Therefore, the change history of all these objects is tracked in the Enterprise Services Builder or the Integration Builder, respectively. You can access the change history in the detail view of each object by choosing History in the main menu of the object. To display the current data of the last change, choose the object’s info button.

Message Execution

Auditors must be able to analyze and track the messages that have been processed by messaging components. The Integration Server, the Advanced Adapter Engines, and the PCK have a runtime persistence layer for short-term storage of executed messages and an archiving component for long-term storage. The Integration Server uses SAP NetWeaver Application Server ABAP (AS-ABAP), and the Advanced Adapter Engine and the PCK use SAP NetWeaver Application Server Java (AS-Java).

Asynchronous messages are always persisted in the runtime persistence layer, whereas synchronous messages can only be persisted if errors occurred or for logging purposes in the Integration Engine. Only successfully processed asynchronous messages in the persistence layer can be archived or deleted. Messages with errors are never automatically deleted, but only manually by administrators.

To archive XML messages, you must define the interfaces of the messages to be archived in the Integration Server. In the Advanced Adapter Engine or PCK, you can define more sophisticated rules and schedule the archiving jobs.

Note

Messages with configured message-level security are an exception to this rule. These messages are always archived (also synchronous ones). Therefore, no interface definition is required for messages with message-level security (more information: Message-Level Security).

Two jobs have to be executed to archive XML messages:

      Archiving job: Writes messages to archive.

      Delete job: Removes messages from the persistence layer (database) of the Integration Engine.

One job has to be executed to delete XML messages without archiving:

      Delete job: Deletes messages from the persistence layer (database).

Note

The delete job for messages without archiving is not the same as the delete job for archived messages.

On the Integration Server, you can reschedule all jobs periodically, but you should maintain the job sequence.

More information about how to configure message archiving on the Integration Server: transaction Integration Engine – Administration (SXMB_ADM) and the corresponding documentation.

More information about message archiving in the Java components: Archiving Messages.

Use transaction Integration Engine – Monitoring (SXMB_MONI) to select and display archived XML messages on the Integration Server. There are two ways to search for archived XML messages:

      Use an archive

      Use a message GUID

In both cases the system displays a list of archived XML messages. You can switch from the list to display individual archived XML messages or compare message versions.

More information about how to select and display archived messages: transaction Integration Engine – Monitoring (SXMB_MONI) and the corresponding documentation.

Messages archived in the Advanced Adapter Engine or PCK can be monitored as well.

 

End of Content Area