Hi developers,

I guess most of you have ever changed the variable content in the debugger every day, right?

Suppose you are doing some evil thing ( for example, bypass the authorization check via debugger ) in a system where you have enough authorizations to change

the variable value in debugger, are you aware that your crime is already being recorded and you will be challenged by your system admin based on that evidence?

Sure, they are recorded in system log, SM21.

SM21 is very easy to use, just specify the criteria:

/wp-content/uploads/2013/11/clipboard1_327565.png

Suppose I changed the content of LV to 123.

/wp-content/uploads/2013/11/clipboard2_327590.png

This is the respective entry recorded in SM21.

( You can get an overall view of what activities you have done on the system during that day. You also observed that once you log on system AG3 via SAP gui,

the dispatcher automatically assign you with a appropriate application server instance. Still remember BC400? )

/wp-content/uploads/2013/11/clipboard3_327591.png

double click it to navigate to detail. You can deny by saying that “someone stole my user and did that operation”. However the Terminal will make your excuse as a nonsense.

/wp-content/uploads/2013/11/clipboard4_327592.png

Even when you change the process flow in debugger via Shift+F12, it will also be recorded.

/wp-content/uploads/2013/11/clipboardss_327600.png

/wp-content/uploads/2013/11/clipboard5_327593.png

If you click Trace button, you can get a more detailed technical log based on OS level. By clicking “Display Components” you can set a filtler to only those traces which you are interested.

/wp-content/uploads/2013/11/clipboard6_327594.png

Those trace files are stored in application server folder DIR_HOME, you can view them via AL11. Double click:

/wp-content/uploads/2013/11/clipboard7_327595.png

And the dev_XXX files are just what you have seen in SM21.

/wp-content/uploads/2013/11/clipboard8_327599.png

if you want to operate on those log programmingly, you can have a look at the code in package SYSLOG.

To report this post you need to login first.

15 Comments

You must be Logged on to comment or reply to a post.

    1. Jerry Wang Post author

      Hi Miguel,

      A system admin has authorization to delete the system log stored in given folder as mentioned in the blog. Also I guess there is a background job which could be scheduled to delete old log say 1 months ago – I just tried in system and found using SM21 I couldn’t find logs one month ago.

      Best regards,

      Jerry

      (0) 
    2. Raymond Giuseppi

      Log size is limited (rslg/max_diskspace/local) so logs get deleted after some time, not by a standard job like spools of job log.

      You could analyze z45580 – How are syslog files deleted? but the deletion will not be easy and discreet… 😈

      Also log can be programmaticaly read and trigger some periodic job reporting such “messages” to manager…

      Regards,

      Raymond

      (0) 

Leave a Reply