Skip to Content

Hi developers,

I guess most of you have ever changed the variable content in the debugger every day, right?

Suppose you are doing some evil thing ( for example, bypass the authorization check via debugger ) in a system where you have enough authorizations to change

the variable value in debugger, are you aware that your crime is already being recorded and you will be challenged by your system admin based on that evidence?

Sure, they are recorded in system log, SM21.

SM21 is very easy to use, just specify the criteria:


Suppose I changed the content of LV to 123.


This is the respective entry recorded in SM21.

( You can get an overall view of what activities you have done on the system during that day. You also observed that once you log on system AG3 via SAP gui,

the dispatcher automatically assign you with a appropriate application server instance. Still remember BC400? )


double click it to navigate to detail. You can deny by saying that “someone stole my user and did that operation”. However the Terminal will make your excuse as a nonsense.


Even when you change the process flow in debugger via Shift+F12, it will also be recorded.



If you click Trace button, you can get a more detailed technical log based on OS level. By clicking “Display Components” you can set a filtler to only those traces which you are interested.


Those trace files are stored in application server folder DIR_HOME, you can view them via AL11. Double click:


And the dev_XXX files are just what you have seen in SM21.


if you want to operate on those log programmingly, you can have a look at the code in package SYSLOG.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

    1. Jerry Wang Post author

      Hi Miguel,

      A system admin has authorization to delete the system log stored in given folder as mentioned in the blog. Also I guess there is a background job which could be scheduled to delete old log say 1 months ago – I just tried in system and found using SM21 I couldn’t find logs one month ago.

      Best regards,


    2. Raymond Giuseppi

      Log size is limited (rslg/max_diskspace/local) so logs get deleted after some time, not by a standard job like spools of job log.

      You could analyze z45580 – How are syslog files deleted? but the deletion will not be easy and discreet… 😈

      Also log can be programmaticaly read and trigger some periodic job reporting such “messages” to manager…




Leave a Reply