Have fun with system log – your debugging activity is being recorded by System
Hi developers,
I guess most of you have ever changed the variable content in the debugger every day, right?
Suppose you are doing some evil thing ( for example, bypass the authorization check via debugger ) in a system where you have enough authorizations to change
the variable value in debugger, are you aware that your crime is already being recorded and you will be challenged by your system admin based on that evidence?
Sure, they are recorded in system log, SM21.
SM21 is very easy to use, just specify the criteria:
Suppose I changed the content of LV to 123.
This is the respective entry recorded in SM21.
( You can get an overall view of what activities you have done on the system during that day. You also observed that once you log on system AG3 via SAP gui,
the dispatcher automatically assign you with a appropriate application server instance. Still remember BC400? )
double click it to navigate to detail. You can deny by saying that “someone stole my user and did that operation”. However the Terminal will make your excuse as a nonsense.
Even when you change the process flow in debugger via Shift+F12, it will also be recorded.
If you click Trace button, you can get a more detailed technical log based on OS level. By clicking “Display Components” you can set a filtler to only those traces which you are interested.
Those trace files are stored in application server folder DIR_HOME, you can view them via AL11. Double click:
And the dev_XXX files are just what you have seen in SM21.
if you want to operate on those log programmingly, you can have a look at the code in package SYSLOG.
Nice to know this thanks for sharing.....
very good
Nice Article ...
Good article even if we want to do any wrong SAP will notice it...
Hi Hanumanth,
thanks for your comment:)
Best regards,
Jerry
Very nice document..
good to know, but now the idea should be delete those logs...how to do it?
Regards
Miguel
Hi Miguel,
A system admin has authorization to delete the system log stored in given folder as mentioned in the blog. Also I guess there is a background job which could be scheduled to delete old log say 1 months ago - I just tried in system and found using SM21 I couldn't find logs one month ago.
Best regards,
Jerry
Log size is limited (rslg/max_diskspace/local) so logs get deleted after some time, not by a standard job like spools of job log.
You could analyze z45580 - How are syslog files deleted? but the deletion will not be easy and discreet... 😈
Also log can be programmaticaly read and trigger some periodic job reporting such "messages" to manager...
Regards,
Raymond
Hello Raymond,
thank you very much for your informative complement 🙂
Best regards,
Jerry
Good work
i cant believe that as they can see what you done in debugger
it will take space to log all these data
Good Document and Thanks for sharing
good document.. Learned a lot ... thanks 🙂
Good One...
Keep Sharing.... 🙂
Good document and Thanks for sharing.