Solution Manager can tell me if any account is locked (ABAP)…wildcard edition
Someone posed the question to me, if Solution Manager has to be restricted to having to define all of the accounts that you want notifications on when then lock.
Solution Manager can tell me if a system account is locked (ABAP) is where the question was posed.
I tried to setup a “*” wildcard statement as a variant for the User locked metric, this resulted in no alert; my guess would be that it was looking for a user equal to “*”, which doesn’t exist in the system.
So here is how I found a way around to obtain a pure SAP ABAP way to watched for locked accounts, it instead leverages the logs from tx SM21.
Above is the end result of a user account being locked (ADSUSER is what I purposely locked), this was accomplished by monitoring the “US1” message number/message ID. The other useful piece of information is to also add “.*” (that is a period astrick), for the message severity and message text.
Below is where you configure the items for Solution Manager in order to accomplish notifications upon any account locking in an ABAP system:
Now you should be seeing entries populate the Alert Inbox when an account is locked in the system. You can set notifications up within the template and start collecting email notifications for all accounts.
The only downside that I can see with this method is that the alert, when triggered, the alert shows up as “Errors in ABAP System Log”…start monitoring other system logs and now you have verify by the html attachment vs reviewing an alert name of (eg Locked Users). However when having to view the system log vs being notified about the few things that I do want to monitor and let the system read/parse out on my behalf.
Thanks Billy. This is very useful. I have created a custom metric and alert to generate alerts only on this particular system log message for locked users vs. including all system log messages in one alert. That is working great. However I am trying to get the details of the system log message (e.g. userid of locked user) to appear in the body of the email within the description. I am able to get my custom description to appear, however, the actual locked userid only shows up in the E2E alert analysis report attached to email alert. Any suggestions?
From what I have seen and read on other posts, access to modify the data sent in that attachment is not easily achieved.
The data is coming from the BW cube(s) within Solution Manager and I'm unaware of any SolMan methods to query the cube(s) to fire an alert off when it is populated.
As you may be aware, SP10 is right around the corner and is going to have more features coming out, we may have some enhancements to the MAI infrastructure allowing us to convert the attachment to a plain txt email.
Another thought, you could try performing some CCMS custom monitors on the remote system and have the alert come from CCMS. I would then also change your custom metric to look for that CCMS monitor along with an alert with no auto notification setup. This would allow you to get the username in the email, and you would have the trigger history on Solution Manager providing you the correlation time stamps if you need to track down the time the account is locking....or just keep all the emails on the alert, space is no object for email systems is it?? 😉
I was afraid of that. I will let you know if I find a way to make this work in SP8. Thanks
Another thought, perhaps post the question in the SolMan space and see if anyone there has suggestions, with me placing this under the security space we may not see many posts.
Hi Billy,
I have created a custom metric with US1 in the system log, and upon applying the template and activation,I still see a gray rating, Is anything missed?
Thanks,
Karthik
Do the default ones come through? In the managed system that you created the US1 filter for, does it have a line item for US1?
Any errors on your extractor framework, or other grey metrics?
Hi Billy,
Other metrics do have a rating,only this metric has a gray rating. I created the metric for the managed system in the Technical system template, for the US1 filter, Is anything configuration to be done for US1 messages to have the data appear in the sm21 logs.
Thanks,
Karthik
No configuration should be needed for any system's SM21 to display US1 logs; have you tried locking a test account to verify you do receive the US1 logs?
Have you tried applying this to other ABAP systems to test if its specific to the system you have it setup for currently?