Excited to do some sleuthing!
Getting IP ADDRESS IN SAP
Bliss! Never thought my secret desires during childhood days, of being a sleuth, like my heroes in detective novels, could find some gratification if I pursued a career in IT!
Alright! Alright! I know there is an entire wing in IT dealing with information security and that this is not something alien in IT. But come on! This is my first experience in this area, (other than the authorization checks being done for every transaction) and I have every reason to feel excited about it! 😳
Yep! Got a requirement that if anyone tries to manipulate any sensitive information like basic pay info type or bank account info type, system should log the action with the username in SAP with which he has logged in, and the IP Address( 😯 ) of the computer that he was using for the purpose. (Well user name seemed fine, but IP Address! From SAP! Woah! Thought that would be a load of work.) And, also, immediately send a mail to manager informing him such an attempt was made, with all the details.
Well, it turned out that getting the IP Address from SAP was a piece of cake.
There are various function modules and class methods in SAP for doing this, and the one which I used was the following.
data lv_ip(30) type c.
call method cl_gui_frontend_services=>get_ip_address
receiving
ip_address = lv_ip
exceptions
cntl_error = 1
error_no_gui = 2
not_supported_by_gui = 3
others = 4.
if sy-subrc <> 0.
message id sy-msgid type sy-msgty number sy-msgno
with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
endif.
And the icing on the cake – Manager is totally happy with the output!
By the way, if anybody feels that there are loop holes in this function, do let me know. I want to be sure that when I do something such as this; it is totally fool-proof! 😎
So to sum up! Being in IT, and in SAP, I can contribute to the interests of CIA! Ahem! Not Central Intelligence Agency: Confidentiality, Integrity and Availability. 😉
Hi Susmitha Susan Thomas.
Nice Post.Keep it Up.
Thanks & Regards,
Sausap
very funny post with info..
Regards,
Narayan
When you said CIA and the meaning of the acronym, I think we're under the same roof. 😉
Nice post....
I have one requirement to make YSTAD report for that it need to get IP address based on terminal id..
Any possibility is there?
I am not sure if SAP stores the history of IP Address. I have read that SM18, SM19, and SM20 are all used for logging purpose. We use settings in RZ10 to activate / deactivate logging. Sm18 - deletes logs, SM19 - enables loggin, SM20 - reads the logs. However, for this also, log can be obtained only for the last few days.
You can also check transactions STAT, or ST03N.
This FM will give only the current IP address.
If you could modify the transaction you are trying to track to get the IP address when it is being run and simultaneously store it in database, then maybe you can retreive this information later on.
Ok Thank You....
Good post, Susmitha.
Useful info.
Jogeswar Rao K
Hi Susmitha,
To be honest, few days back when looking at SCN for a solution to one of my need, i found this method in a very old post.
But i liked the way you have explained the usage of the method with a business example in a funny tone.
Regards,
AyyamPerumal
If your SAP security settings are strong enough then "anyone" should not have access to any "sensitive information". Imo - "It's better to be safe than sorry".
- Suhas
Hi Susmitha,
A good post and the way you have put it is even better.
Thanks! 🙂
Jagathshree
Susmitha,
If IP address is dynamic, this will not serve your purpose.
Instead you can make use of the function SCUT_GET_CLIENTHOST to retrieve the host which is static.
Regards,
You are right! This will not serve the purpose for terminals with dynamic IP address.
Does SCUT_GET_CLIENTHOST give the IP address also? I tried it, I could get only the Terminal ID.
The idea is to identify who did it.
In a corporate environment, terminal ID serves as unique identifier of a machine.
Even if I access the network using personal internet connection, the machine name does not change. And changing machine name is usually not possible because of strong group policies, set by the employer.
As Manish kumar said, terminal ID is sufficient enough to uniquely identify a system. You don't need IP if you have terminal ID.
Nice document. In addition to this, Run program TEST_FRONTEND_SERVICES. It gives test case for all methods of CL_GUI_FRONTEND_SERVICES. Its not even IP but we can get the information on Domain/User id of the system.
-Satya
This nice, never knew that it existed.
However I didnt find any tests written for get_ip_address( ) method.
Also I couldnt debug any of the cl_gui_frontend_services methods. Strange !
Hi Susmitha,
Good one and very impressive.
Regard's,
Shashi Kanth.
i have been trying to get the computer name, but it is not returning any value.
Hello Abhishek,
I just saw that FM TH_USER_INFO - can give u computer name too 🙂
Terminal ....they call it.
try it its awesome.
Was he happy because now that he could fire the entire SAP Security team? 😕
Very Informative...Thanks.
Best Regards,
Naresh K.
Good one 🙂
I tried getting IP by
and with lot of bespoke code 🙁 I managed to get IP .....
Never imagined it was this easy 🙂
good one ........
Nice post Susmitha.
Does this work on virtual connections as well!? IP address here is dynamically generated for each connection. So, same machine can have different IP when connected to network for next time.
Thanks,
Vinod.
No this is not going to work for virtual connections with dynamic IP addresses. For that you can use SCUT_GET_CLIENTHOST as was suggested by K.Arun Prabhu.
Susmitha,
I guess the following method will be better than IP and host data of a PC. This fetches the OS logon username which a person is working with. If the PC is not shared and if logon username created against that person, then this will be useful for investigations 😉
CALL METHOD CL_GUI_FRONTEND_SERVICES=>GET_USER_NAME
CHANGING
USER_NAME = user
EXCEPTIONS
CNTL_ERROR = 1
ERROR_NO_GUI = 2
NOT_SUPPORTED_BY_GUI = 3
OTHERS = 4.
CALL METHOD CL_GUI_CFW=>FLUSH
EXCEPTIONS
CNTL_SYSTEM_ERROR = 1
CNTL_ERROR = 2
OTHERS = 3.
Regards.
Short, to the point, and a nice one to have up my sleeve.
Good work....thanks for sharing.. 🙂
Nice Documents Susmitha Susan Thomas.
Interesting and a valid requirement I must say!!
But for how many days are you storing the logs and where is also important in this scenario.
Can you share the approach followed in that.
Regards,
Raghav
Very Good congratulations 😆
Good post, thanks for sharing:-)
Thanks,
Ashok
Nice post