here i want to show you an easy way for monitoring of rejected registration attemps from server programs to the RFC gateway using Solman TechMon.
If reginfo/secinfo is well maintained, only the defined TPs should be allowed to register on the GW. Not defined programs will be rejected and logged in gw_log* Files located in the WORK Dir of the instance. Using GW SIM mode the attempt is succesfull but also logged in gw_log.
Use cases: security monitoring, establishing reginof/secinfo, fast detection and alerting of rejected interfaces,..
gw/logging Parameter: The Actions “SZ” must be in the List of logged Actions and SWITCHTF shoudl be set to day – Example
gw/logging = ACTION=SZ LOGFILE=gw_log-%y-%m-%d SWITCHTF=day MAXSIZEKB=1000
Technical Monitoring Config
In this example is use Solman 7.2, recent SPS.
The first step is to create a custom metric in template on technical instance level. This step will be not covered in detailed here. For the metric i used the following config:
The data collection is done with the sap provided collector “File Text Pattern Search”.
I used the following input parameter:
DATEPATTERN = yyyy-MM-dd
DELTA_READ = False
ENCODING = UTF-8
FILEPATTERN = \Qgw_log-$TODAY$\E
FOLDER = \Q$INSTANCE_FULL_PATH$/work\E
MONITOR_NEWEST_FILES = 20
SEARCHPATTERN = .*reginfo denied.*|.*secinfo denied.*|.*no rule found.*
SHOW_MATCHES = FALSE
The interesing part is the parameter SEARCHPATTERN – i use a simple regex for matching the strings which indicate a denied connection attempt. Even when sim mode is on (no rule found).
Then you can set the threshold as you like – i set mine to numeric threshols GREE/RED >= 1 Error.
I have shown you how to use the simple “File Text Pattern Search” collector for realizing this log-file check. It is very easy to setup and you can use it platform independent. In my case this was very helpful for rolling out the gateway security for a lot of systems, especially when there was no sim mode available.
2257249 – How to use File Text Pattern Search for File Monitoring in Technical Monitoring