Skip to Content
Author's profile photo Jerry Wang

Have fun with system log – your debugging activity is being recorded by System

Hi developers,

I guess most of you have ever changed the variable content in the debugger every day, right?

Suppose you are doing some evil thing ( for example, bypass the authorization check via debugger ) in a system where you have enough authorizations to change

the variable value in debugger, are you aware that your crime is already being recorded and you will be challenged by your system admin based on that evidence?

Sure, they are recorded in system log, SM21.

SM21 is very easy to use, just specify the criteria:

/wp-content/uploads/2013/11/clipboard1_327565.png

Suppose I changed the content of LV to 123.

/wp-content/uploads/2013/11/clipboard2_327590.png

This is the respective entry recorded in SM21.

( You can get an overall view of what activities you have done on the system during that day. You also observed that once you log on system AG3 via SAP gui,

the dispatcher automatically assign you with a appropriate application server instance. Still remember BC400? )

/wp-content/uploads/2013/11/clipboard3_327591.png

double click it to navigate to detail. You can deny by saying that “someone stole my user and did that operation”. However the Terminal will make your excuse as a nonsense.

/wp-content/uploads/2013/11/clipboard4_327592.png

Even when you change the process flow in debugger via Shift+F12, it will also be recorded.

/wp-content/uploads/2013/11/clipboardss_327600.png

/wp-content/uploads/2013/11/clipboard5_327593.png

If you click Trace button, you can get a more detailed technical log based on OS level. By clicking “Display Components” you can set a filtler to only those traces which you are interested.

/wp-content/uploads/2013/11/clipboard6_327594.png

Those trace files are stored in application server folder DIR_HOME, you can view them via AL11. Double click:

/wp-content/uploads/2013/11/clipboard7_327595.png

And the dev_XXX files are just what you have seen in SM21.

/wp-content/uploads/2013/11/clipboard8_327599.png

if you want to operate on those log programmingly, you can have a look at the code in package SYSLOG.

Assigned Tags

      15 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Nice to know this thanks for sharing.....

      Author's profile photo Former Member
      Former Member

      very good

      Author's profile photo Former Member
      Former Member

      Nice Article ...

      Author's profile photo Former Member
      Former Member

      Good article even if we want to do any wrong SAP will notice it...

      Author's profile photo Jerry Wang
      Jerry Wang
      Blog Post Author

      Hi Hanumanth,

      thanks for your comment:)

      Best regards,

      Jerry

      Author's profile photo Former Member
      Former Member

      Very nice document..

      Author's profile photo Miguel Alvear
      Miguel Alvear

      good to know, but now the idea should be delete those logs...how to do it?

      Regards

      Miguel

      Author's profile photo Jerry Wang
      Jerry Wang
      Blog Post Author

      Hi Miguel,

      A system admin has authorization to delete the system log stored in given folder as mentioned in the blog. Also I guess there is a background job which could be scheduled to delete old log say 1 months ago - I just tried in system and found using SM21 I couldn't find logs one month ago.

      Best regards,

      Jerry

      Author's profile photo Raymond Giuseppi
      Raymond Giuseppi

      Log size is limited (rslg/max_diskspace/local) so logs get deleted after some time, not by a standard job like spools of job log.

      You could analyze z45580 - How are syslog files deleted? but the deletion will not be easy and discreet... 😈

      Also log can be programmaticaly read and trigger some periodic job reporting such "messages" to manager...

      Regards,

      Raymond

      Author's profile photo Jerry Wang
      Jerry Wang
      Blog Post Author

      Hello Raymond,

      thank you very much for your informative complement 🙂

      Best regards,

      Jerry

      Author's profile photo solen dogan
      solen dogan

      Good work

      i cant believe that as they can see what you done in debugger

      it will take space to log all these data

      Author's profile photo Former Member
      Former Member

      Good Document and Thanks for sharing

      Author's profile photo Sivaganesh K
      Sivaganesh K

      good document.. Learned a lot ... thanks 🙂

      Author's profile photo Former Member
      Former Member

      Good One...

      Keep Sharing.... 🙂

      Author's profile photo Deepak Ramchandran
      Deepak Ramchandran

      Good document and Thanks for sharing.