Objective: To showcase the user and developer experience of using and implementing the SAP GUI Logging Solution for Windows.


About the product: SAP UI Logging (SAP UIL) for Windows logs/records all the activities and actions a user performs in a SAP GUI transaction code. It logs every input, action and user-entered value on the screen. Based on the logged data we can write our own rules to raise violations. Restricting or monitoring users through authorization objects, per transaction code and by role, level, organization unit or any other parameter, is a very difficult task. SAP UIL makes it much easier to monitor users' access to sensitive transaction codes and to identify data leaks.


How it works: Assume that we have a list of transaction codes for which logging is required.

These transaction codes are maintained in the SAP UIL-specific configuration tables, which enables SAP UIL to log the activities happening in those transaction codes.


The customer can choose any number of fields on the screen of each transaction code (such as company code or Personnel Area) for logging.

For example, assume that a user belongs to company code “CCode 1” and is only allowed to view the sales data belonging to their own company code. SAP UIL enables a customer who wants to monitor the activities of all users to obtain the list of users who are violating this rule.

Whenever the user enters any other company code (one they are not supposed to view) in the transaction code and executes it, SAP UIL logs information such as transaction code, time, sy-uname and input values. Using the log data we can write our own rules to identify the user, their company code, and which company code's data has been viewed.


Configuration:

Transaction code /LOGWIN/IMG is used to enable the SAP UIL solution, to maintain the transaction codes to be logged, and to maintain the mapping for the fields of each transaction code that are required for logging. The data is stored in the following configuration tables.

  • /LOGWIN/PARAM    – Global Parameters for UI Logging of SAP GUI
  • /LOGWIN/CMP_CNF  – Configuration for SAPGUI
  • /LOGWIN/MAP_FLD  – Field Mapping
  • /LOGWIN/MAP_FLDT – Field Mapping Texts
  • /LOGWIN/MAPVIEW  – Mapping for Views
  • /LOGWIN/MAPVIEWT – Mapping for View Texts

It is very easy to generate the configuration entries that enable logging for a transaction code. All we have to do is execute the program ‘/LOGWIN/GENERATE_MAP_ENTRIES’ with the required transaction code.


Internal Log:

Once the transaction code is activated for logging, the data logged for every activity in this transaction code is stored in the temporary/internal log tables.

  • /LOGWIN/RECBASIC – Intermediate Log Records
  • /LOGWIN/REC_DATA – Storage of Name/Value as Cluster Table
  • /LOGWIN/REC_INF    – Additional Information for UI Objects

External Log:

So far we have activated SAP UIL, maintained the transaction code for logging and stored the internal log. The next step is to convert the internal log to the external log with custom coding.

The external log is the result of refining, filtering, converting and transforming the internal log data into a database table of the customer's choice. Creating a custom external log table is entirely up to the customer, if the external log provided by SAP UIL does not fit their needs. The customer might not be interested in all the logged data, only in those fields that help them raise violations. In the example I gave in the “How it works” section, logging only the company code field is enough. The customer might want to save the user information and the accessed information in two different tables, then compare the company code in table 1 (the user's own company code) with the company code in table 2 (the company code the user entered in the transaction code), and raise a violation or trigger an email if the two company codes are not equal. The customer can create multiple database tables; this depends entirely on how violations are to be raised.

Transaction code /LOGWIN/TSF_TO_EXT collects all the internal logs and transforms them into the external log. You can implement a new class and redefine the ‘store_data’ method of /LOGWIN/CL_DATA_HANDLER to run your own code and save the data in your own database tables. The methods available in this class can be used to determine how you want to arrange the structure of the data.

Example of a simplified structure: all the header information plus a name/value pair table (which contains each field required for logging and its value). The structure of the data depends on how you want to receive data from the transformation program. Once the internal log is in this simpler format, further derivations can be made on the available data. For example, you have the user ID of the user who accessed the transaction code (sy-uname), but before saving it to the external log the customer wants the details of the user's immediate manager. That sort of logic can be written in a separate method, since it is common to all internal log records.


BAdIs:

The following BADIs will help you to manipulate/change the data or to derive any other value during the transformation of internal log to external log.

  • /LOGWIN/BADI_SAPGUI_LOGGING: Methods available in this BAdI can help you to restrict the creation of internal logs. For example, if you want to exclude all PBO events from logging, you can write your custom code here.
  • /LOGWIN/DB_ACCESS_BADI: Methods available in this BAdI help you to access the temporary log data, for example if you want to avoid the creation of temporary logs based on the data that is going to be stored in /LOGWIN/REC_INF. The information available here is at a very granular level.

Important Programs and Transaction codes:

  • Program: /LOGWIN/CLEAR_LOG will clear all the logs from the internal log tables.
  • Program /LOGWIN/GENERATE_MAP_ENTRIES will generate configuration entries.
  • Transaction code: /LOGWIN/SHOW_LOG is the most useful transaction code to view all the logged data stored in the 3 internal log tables in one screen.
  • Transaction Code: /LOGWIN/TSF_TO_EXT is used to convert and send or save the internal log table to external log table.


Points to remember:

  • Always clear the internal log created by SAP UIL once the transformation (internal log to external log) is done. This will help to reduce a lot of memory size consumed by the internal log tables.
  • Always clear the external log once the violations are raised or at least in regular intervals.
  • Maintain the user ids in /LOGWIN/USER table if you want to avoid logging of specific users.
  • It’s good to have one more table to identify only the users who are required for the logging. This table can be a configuration table where you maintain company codes or organization units, so that only those users falling under these company codes or org units are logged. This sort of logic can be implemented before or after transformation.
  • Maintain only those configuration entries which exactly serve your purpose. For example, a transaction code may have multiple subscreens or fields while the customer is only interested in one field on a specific screen. Performance benefits greatly if we maintain only that information in the configuration table and avoid logging on unnecessary screens.
  • Turn off SAP UIL during System Upgrades.

Demo Run with screen shots and explanation:


Activation of SAP UI Logging:

Transaction Code: /LOGWIN/IMG – Ticking the checkbox activates SAP UIL.



Configuration:

Transaction Code: /LOGWIN/IMG – Maintain the transaction code and execute/access the transaction code.


Now execute the program /LOGWIN/GENERATE_MAP_ENTRIES. A lot of configuration entries are generated. Let us take the example of transaction code ‘CJ30’. I am only interested in one screen, so I have deleted the rest of the entries for performance. This screen/view contains the field that is required for the logging.



Let us now see what we have in the GUI fields for the above screen. I have removed all the entries/fields that are not required for the logging. I am only interested in POSID, so I have maintained a mapping value for it. You can also see EXCLUDE FIELD: if you select it, the field will not be logged, but keep in mind that the code still has to loop over these fields to determine whether each field is required for the logging or not.



Mapping Value: POSID is one of the fields in the external log table. When we build the name/value pair table during transformation, the user-entered value is assigned to the matching field of the external log table structure, which makes the mapping easy. If the field is called BUKRS, CCode or any other name in the transaction code, we can map all these fields to one by giving them a single mapping value.


Internal Logs:

Transaction Code: /LOGWIN/SHOW_LOG – The screen shows all the information that is required: transaction code, user name, time stamp, and PBO or PAI event.

In the case shown, I can tell that the user has used sales order number 13112 in the VA03 tcode. The PAI event tells me that the user has executed the transaction.



External Logs:

The tables below are for information purposes only. I want to store all the header information along with the user’s manager personnel number and the user’s company code.

Table 1: User Information:


Table 2: Accessed Information:

If you remember, I have shown you the configuration for transaction code CJ30. I save the POSID from the internal log and derive the company code from the POSID. The parent guid is the same as the guid in the user information table; I am splitting one structured record into two. Now all I have to do is compare ZDT_LOG_USER-COMPANY_CODE to ZDT_LOG_ACCESS-COMPANYCODE. If these two fields are not equal, we raise a violation.
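
The mapping-value consolidation, the split into two external-log tables and the company-code comparison described above, modelled in plain Python as an added example (not code from this post or from SAP UIL). The record layout, the lookup tables, the ZSALES transaction code, the guid/parent_guid key names and the PAI-only filter are assumptions made for illustration.

```python
# Added example: record layout, lookups and sample values are all constructed.
FIELD_MAP = {"BUKRS": "COMPANY_CODE", "CCODE": "COMPANY_CODE", "POSID": "POSID"}
USER_COMPANY = {"ALICE": "1000", "BOB": "2000"}             # user -> company code
POSID_COMPANY = {"P-1000-01": "1000", "P-2000-07": "2000"}  # POSID -> company code

INTERNAL_LOG = [  # (guid, user, tcode, event, name/value pairs)
    ("G1", "ALICE", "CJ30", "PAI", [("POSID", "P-1000-01"), ("OKCODE", "EXEC")]),
    ("G2", "BOB", "CJ30", "PAI", [("POSID", "P-1000-01")]),
    ("G3", "BOB", "CJ30", "PBO", [("POSID", "P-1000-01")]),
    ("G4", "CAROL", "CJ30", "PAI", [("POSID", "P-2000-07")]),
    ("G5", "ALICE", "ZSALES", "PAI", [("CCode", "2000")]),
]


def transform(internal_log):
    """Split PAI records into user rows and access rows linked by guid."""
    user_rows, access_rows = [], []
    for guid, user, tcode, event, fields in internal_log:
        if event != "PAI":  # assumption: only executed input is evaluated
            continue
        # Apply mapping values; fields without a mapping are dropped.
        mapped = {FIELD_MAP[n.upper()]: v for n, v in fields if n.upper() in FIELD_MAP}
        if not mapped:
            continue
        # Company code entered directly, otherwise derived from the POSID.
        accessed = mapped.get("COMPANY_CODE") or POSID_COMPANY.get(mapped.get("POSID"))
        user_rows.append({"guid": guid, "user": user, "tcode": tcode,
                          "company_code": USER_COMPANY.get(user)})
        access_rows.append({"parent_guid": guid, "posid": mapped.get("POSID"),
                            "companycode": accessed})
    return user_rows, access_rows


def find_violations(user_rows, access_rows):
    """Compare the user's company code with the accessed one, per guid."""
    users = {u["guid"]: u for u in user_rows}
    violations = []
    for acc in access_rows:
        usr = users[acc["parent_guid"]]
        if usr["company_code"] is None or acc["companycode"] is None:
            reason = "unresolved"  # missing master data is flagged, not passed
        elif usr["company_code"] != acc["companycode"]:
            reason = "mismatch"
        else:
            continue
        violations.append((usr["user"], usr["tcode"], acc["companycode"], reason))
    return violations
```

Flagging records whose company code cannot be resolved keeps a gap in master data from silently passing the check.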


Conclusion:

I personally experienced how SAP UIL avoided a lot of authorization work and helped in audits. It improves data security, gives great control during audits and helps in identifying data leaks.

SAP UIL captures every action and every round trip; not a single action is missed. Just by looking at the internal log we can visualize exactly what the user has tried to do, and what and whose data was viewed.

SAP UIL can give a free hand in accessing transaction codes to users who often wait to get proper authorizations, and at the same time customers can monitor all the systems and the access to sensitive information across the organization without even categorizing.

14 Comments


  1. Massimo Quagliani

    Hi Shahid,

    thank you for this guide.

    I installed the add-on LOGCOM 200 SP2 and LOGSGUI 200 SP1 in Netweaver 7.31 SP3 system without issues.

    I activated logging through SPRO tcode for SE11 and SM04 transactions.

    Below the settings made:


    Common setting for logging


    Logging of SAP GUI for Windows


    Activate Logging on Transaction Level


    Entry in /LOGWIN/USER table


    I tried to run the SM04 and SE11 tcodes several times with the same user present in table /LOGWIN/USER but the table /LOGWIN/RECBASIC is always empty.


    Do you have any suggestions?

    Best regards,

    Massimo

    (0) 
      1. Massimo Quagliani

        I removed the user id from /LOGWIN/USER table but the issue is still present.

        I tried also to select Exclude (user from the user list) in Global Parameter section but the table /LOGWIN/RECBASIC is still empty.

        Are there any steps to perform after installing the add-ons with tcode SAINT?

        Regards

        Massimo

         

        (0) 
          1. Badri Mudupalli

            Hi Lukasz,

            Thanks for that tip, it helped me with SAP GUI logging. We are trying to use UI logging for SAP CRM with the WEBUI logging add-on and are facing a similar issue. All the configuration is set up but there is no information in the logs.

            Any ideas?

            Regards

            Badri

            (0) 
    1. Martin Loitz

      Hi Karthik,

      the names of the logging products all begin with “LOGGING …”. You find them in Software Downloads > Installations and Upgrades > A-Z Index. Note that the products will only be visible if you have a license.

      Best regards,

      Martin

      (0) 
      1. karthikeyan karthik

        Hi Martin,

        I successfully installed the add-on for logging but I’m unable to launch any tcodes in the system.

        Do I need to run any report? I am able to see it in SPRO.

        Please reply.

        Thanks,

        Karthik

        (0) 
        1. Tobias Keller

          Dear Karthik,

          Can you please describe more in detail or give a few examples? I’m not sure which transactions you’re referring to!

          If you’re referring to the configuration options, this should be completely available via SPRO–>IMG–> SAP Netweaver –> respective nodes (one for each of your installed UIL addons).

          Best, Tobias

          (0) 
            1. Martin Loitz

              Hi Karthik,

              if you enter the transaction name in the transaction window, you always need to prefix the name with /n, e.g. /n/LOGWIN/LOGANALYZER. This generally applies to transactions that belong to an own namespace. UI logging is delivered in namespace /LOGWIN/ and UI masking has namespace /UIM/.

              Best regards,

              Martin

              (0) 
              1. karthikeyan v

                Hi Martin,

                I have installed the LOGCOM and LOGGUI components. I’m able to launch only some tcodes.

                /LOGWIN/TSF_TO_EXT

                /LOGWIN/CL_DATA_HANDLER

                I’m unable to launch the tcodes below:

                /LOGWIN/IMG

                /LOGWIN/PARAM – Global Parameters for UI Logging of SAP GUI –

                /LOGWIN/CMP_CNF – Configuration for SAPGUI

                /LOGWIN/MAP_FLD – Field Mapping

                /LOGWIN/MAP_FLDT – Field Mapping Texts

                /LOGWIN/MAPVIEW – Mapping for Views

                /LOGWIN/MAPVIEWT – Mapping for View Texts

                In SPRO, I tried to edit Configure Field Mapping but I’m unable to add new entries. Please help me.

                Thanks,

                Karthik

                (0) 
                1. Shahid Mohammed Syed Post author

                  Please check the configuration section in the blog. The ones mentioned are tables, not tcodes.

                  You first need to configure the transaction code in UI logging and then run the generate entries program.

                  (0) 
                  1. karthikeyan v

                    Hi Shahid,

                    Thanks for your help.

                    I have configured UI logging as you mentioned. Whenever I check the log in /n/LOGWIN/SHOW_TSF_RST it is showing in error status. I’m not getting the full output, only the SID and client number.

                    Please provide steps for CCMS implementation for auto-triggering mail if any change is made in the particular tcode.

                    Error while encrypting field TCODE of table /LOGWIN/LOG_NV_H of record 0050568512611EE5968D5666A45032E5

                    Technical Data

                    Message type__________ E (Error)
                    Message class_________ /LOGWIN/SERV_LOG_MSG (Messages for SAP GUI Logging)
                    Message number________ 189
                    Message variable 1____ TCODE
                    Message variable 2____ /LOGWIN/LOG_NV_H
                    Message variable 3____ 0050568512611EE5968D5666A45032E5
                    Message variable 4____

                    Message Attributes


                    *****************************************************************************************

                    **************************************  OUTPUT  ******************************************

                    *****************************************************************************************

                    SAP_SYSTEM=SID

                    SAP_CLIENT=200

                    In the CCMS configuration I’m getting the below error:

                    SID\Service Logging Context(EHC)\…: No method

                    assigned

                    Thanks,

                    karthik

                    (0) 
