Monitoring rejected/denied gateway server program with TechMon

Hello,

here i want to show you an easy way for monitoring of rejected registration attemps from server programs to the RFC gateway using Solman TechMon.

If reginfo/secinfo is well maintained, only the defined TPs should be allowed to register on the GW. Not defined programs will be rejected and logged in gw_log* Files located in the WORK Dir of the instance. Using GW SIM mode the attempt is succesfull but also logged in gw_log.

Use cases: security monitoring, establishing reginof/secinfo, fast detection and alerting of rejected interfaces,..

Prerequisites

gw/logging Parameter: The Actions “SZ” must be in the List of logged Actions and SWITCHTF shoudl be set to day – Example

gw/logging = ACTION=SZ LOGFILE=gw_log-%y-%m-%d SWITCHTF=day MAXSIZEKB=1000

Technical Monitoring Config

In this example is use Solman 7.2, recent SPS.

The first step is to create a custom metric in template on technical instance level. This step will be not covered in detailed here. For the metric i used the following config:

The data collection is done with the sap provided collector “File Text Pattern Search”.

I used the following input parameter:

DATEPATTERN = yyyy-MM-dd
DELTA_READ = False
ENCODING = UTF-8
FILEPATTERN = \Qgw_log-$TODAY$\E
FOLDER = \Q$INSTANCE_FULL_PATH$/work\E
MONITOR_NEWEST_FILES = 20
SEARCHPATTERN = .*reginfo denied.*|.*secinfo denied.*|.*no rule found.*
SHOW_MATCHES = FALSE

The interesing part is the parameter SEARCHPATTERN – i use a simple regex for matching the strings which indicate a denied connection attempt. Even when sim mode is on (no rule found).

Then you can set the threshold as you like – i set mine to numeric threshols GREE/RED >= 1 Error.

Conclusion:

I have shown you how to use the simple “File Text Pattern Search” collector for realizing this log-file check. It is very easy to setup and you can use it platform independent. In my case this was very helpful for rolling out the gateway security for a lot of systems, especially when there was no sim mode available.

References:

https://help.sap.com/viewer/c413647f87a54db59d18cb074ce3dafd/7.2.09/en-US/4ff127f90760436b80d6fb3a97ebf4c2.html

2257249 – How to use File Text Pattern Search for File Monitoring in Technical Monitoring