How to - Activate Audit logging for CE CAF BO’s

Technology Blogs by Members

Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!

Purpose

This brief document sets out to describe how a CE developer can utilise standard SAP functionality against BO's in the CAF layer, to enable audit logging of any changes to data within those BO's. This is a simplistic activity and can be completed in a short amount of time, however the results generated could be greatly beneficial when dealing with challenging problems in applications that are dependant on quite complex data models.

Aim

Activating audit logging against BO's triggers the creation of a log file on your NW Java server that captures each and every change (create, update, delete) against the BO you have activated logging against. Each change transaction stores the following information in the log file:

ID of the logged data
Current transaction information
Information about the user that performed the change
Information about the business object node in which the change happened
Information about the business object node instance which was created, deleted, or whose fields or associations were updated
Information about the change itself that happened

The log file is written to the same directory as the default trace on the server - "\j2ee\cluster\server0\log\" - and the file itself is called "caf_audit.log".

This log file is updated when any changes are made against your BO, regardless of how they were initiated. So you could trap updates to a BO between BPM processes for instance that might be clashing with direct updates to the BO from a stand-alone WD application.

I would suggest this auditing is not activated for all BO's just for the sake of it as you will quickly end up with massive log files that are almost meaningless and too cumbersome to be of any real use. Instead, this functionality could be used as part of problem solving or against particularly sensitive BO's, which require this level of audit to help with support and/or maintenance activities.

NOTE: Reads of the BO are not captured in this log file - if you need this functionality (unlikely) you will need to add extra, custom logic to your BO operations.

Prerequisites

This guide was composed using NW CE 7.3 SP1 and NWDS 7.3 SP1 - it should be compatible with all subsequent versions.

How to...

Activate Audit Logging

Once you have identified a BO that you would like to audit, activating is a very simple activity. Open the BO in NWDS and view the "General" tab that contains a "Properties" section. Here, you should see a checkbox called "Audit Enabled" that you select to activate the logging:

Once this checkbox is activated, you should generate, build and deploy your DC as normal. Now, as stated above, any changes to the content of this BO will be written to the audit log file in the location specified above.

To simulate this, you could navigate to the CE Service Browser on your system, find the BO you have activated auditing against and perform a maintenance operation against it - this will generate an entry in your audit log file.

View Audit Log entries

To access the audit file, first log into NWA for your system and navigate to the Log Viewer (normally found via Troubleshooting -> Logs and Traces -> Log Viewer.) The CAF log file is not part of the 'core' standard log files on a NW Java system so you need to perform a few steps to find it:

Click on the "View" drop-down and navigate to "Open View... -> Unstructured Log Files":
In the subsequent screen, click on the "Display Log File" drop-down and choose "caf_audit.log":

You should now be able to review the entries in the log file, typically made up of a header describing the audit event and multiple entries showing the change activity against your BO's.

Download the Log File

With the log file open, click on the "Log Files" menu and choose "Download Files":
In the pop-up that appears, select the file and hit the "Download" link. Press "Close" when finished: