3 weeks ago
I have refered https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of...
but its about 2014, I m receiving different logs.. how can i get information from my new logs.. or is there any updation you have?
As you can see in your record, it starts with "5" which corresponds to the field SLGFTYP in the blog post you mentioned (https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of...), but is not one of the possible values "q" and "2".
I describe below the meaning of SLGFTYP = "5".
The data below is from what I see in one audit file (/usr/sap/SID/D01/log/xxxxxxxxxx.AUD) in my ABAP 7.58 system.
5SAL_SAP_19720607_000000_FFFFFFFFFFFF0BD7989C274D93028B5C747968FC85BC004CEC60D665F68CBEC0D06EEFBCC096003
I don't know what mean these 104 characters. Skip them?
5AU220240409000013003636800022B1050100000008XXXX498400000008RSBTCRTE000000000005B&2&A0088F32F71FAA5694A08EE9623F37DCC22999B549AAE362CBDD3F99E7802CD418DEE003
5AU2
2024040900001300 date time "00"
36368 Operating system process number?
00022 workprocess number
B1 workprocess type
050 mandant
1 file number?
0000 length of short terminal name + short terminal name??
0008XXXX4984 length of user name + user name
0000 length of transaction code + transaction code
0008RSBTCRTE length of program name + program name
0000 length of long terminal name + long terminal name
0000 length of Last Address Routed + Last Address Routed
0005B&2&A length of variables + variables (separated with &)
0088 offset of last character of this field with offset of 5AU2 considered zero (e.g. total of 89 characters from start of 5AU2 up to this offset field included, and offset of next field starts at 89)
F32F71FAA5694A08EE9623F37DCC22999B549AAE362CBDD3F99E7802CD418DEE Variable message data (64 characters)
003 ??
Date 09.04.2024
Time 00:00:13
Client 050
SysLog msg. group AU
Message Identifier AU2
Sub-name 2
User XXXX4984
ABAP Source RSBTCRTE
Audit Log Message Logon failed (reason=2, type=B, method=A)
First Variable Value for Event B
Second Variable Value for Event 2
Third Variable Value for Event A
Audit Class Dialog Logon
Criticality H
Message Severity High
File Number 1
SAP process B1
Work Process Number 022
5CUZ20240409001516003635100005D505010008xxxxst060006SM_SMY00000008SAPMSSY10020xxxxst0663.xxxxsap.a0011xx.xx.20.830011DBTABLOG&0301310C0D1EC53E3B3C32016B1EB0CF62D3E9B3F04314877C06E37FBB56EDB4445DD3003
5CUZ
2024040900151600 date time "00"
36351 Operating system process number?
00005 workprocess number
D5 workprocess type
050 mandant
1 file number?
0008xxxxst06 length of short terminal name + short terminal name??
0006SM_SMY length of user name + user name
0000 length of transaction code + transaction code
0008SAPMSSY1 length of program name + program name
0020xxxxst0663.xxxxsap.a length of long terminal name + long terminal name
0011xx.xx.20.83 length of Last Address Routed + Last Address Routed
0011DBTABLOG&03 length of variables + variables (separated with &)
0131 offset of last character of this field with offset of 5CUZ considered zero (e.g. total of 131 characters from start of 5CUZ up to this offset field included, and offset of next field starts at 132)
0C0D1EC53E3B3C32016B1EB0CF62D3E9B3F04314877C06E37FBB56EDB4445DD3 Variable message data (64 characters)
003 ??
Date 09.04.2024
Time 00:15:16
Client 050
SysLog msg. group CU
Message Identifier CUZ
Sub-name Z
User SM_SMY
Terminal Name xxxxst0663.xxxxsap.a
Last Address Routed xx.xx.20.83
ABAP Source SAPMSSY1
Audit Log Message Generic table access by RFC to DBTABLOG with activity 03
First Variable Value for Event DBTABLOG
Second Variable Value for Event 03
Audit Class RFC Function Call
Criticality H
Message Severity High
File Number 1
SAP process D5
Work Process Number 005
5BU420240409000013003637000024B1600100000004DDIC0004S0000020FIN_EDI_EXTRACT_ADVC000000000006-&G!&-0101053D316789EF7C633B09A4779077787A911DAE3F48BB478754DBB92E8AA99D2F003
5BU4
2024040900001300 date time "00"
36370 Operating system process number?
00024 workprocess number
B1 workprocess type
600 mandant
1 file number?
0000 length of short terminal name + short terminal name??
0004DDIC length of user name + user name
0004S000 length of transaction code + transaction code
0020FIN_EDI_EXTRACT_ADVC length of program name + program name
0000 length of long terminal name + long terminal name
0000 length of Last Address Routed + Last Address Routed
0006-&G!&- length of variables + variables (separated with &)
0101 offset of last character of this field with offset of 5CUZ considered zero (e.g. total of 131 characters from start of 5CUZ up to this offset field included, and offset of next field starts at 132)
053D316789EF7C633B09A4779077787A911DAE3F48BB478754DBB92E8AA99D2F Variable message data (64 characters)
003 ??
Date 09.04.2024
Time 00:00:13
Client 600
SysLog msg. group BU
Message Identifier BU4
Sub-name 4
User DDIC
Started by Application S000
ABAP Source FIN_EDI_EXTRACT_ADVC
Event number within a second 7
Audit Log Message Dynamic ABAP code: Event -, event type G!, check total -
First Variable Value for Event -
Second Variable Value for Event G!
Third Variable Value for Event -
Audit Class Other Events
Criticality L
Message Severity Low
File Number 1
SAP process B1
Work Process Number 024
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sandra,
Thank u for this deep explanation, I need more clarity on some areas
what is 0000 - length of ?? + ?? . This u have mentioned.. what is the meaning of that?
And in this doc, https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of...
every field has a defined length ,but u have here described with variable lengths, does this occurs in the latest version of sap?? Bcoz in this doc,its mentioned as
variable message has 64 bits,program has 40 like that.. and follows an order.. and here is there any order.. if possible can u provide a table like this.. so that i would be more helpful
FieldSub-fieldLengthDescription
SLGTYPE | SysLog: LIKE structure RSLGETYP | ||
SLGFTYP | 1 | Entry type: "q" = version 1 without field SLGLTRM2, "2" = version 2 including field SLGLTRM2 | |
AREA | 2 | Message area | |
SUBID | 1 | Message name | |
SLGDATTIM | Time stamp (CHAR 16) | ||
DATE | 8 | Date in format YYYYMMDD | |
TIME | 6 | Time in format hhmmss | |
DUMMY | 2 | not used | |
SLGPROC | SysLog: LIKE RSLGPID structure | ||
UNIXPID | 5 | Process ID | |
TASKTNO | 5 | Task | |
SLGTTYP | 2 | Process type (short form) | |
SLGLTRM | 8 | Terminal name (truncated) | |
SLGUSER | 12 | User name | |
SLGTC | 20 | Transaction | |
SLGREPNA | 40 | Program | |
SLGMAND | 3 | Client | |
SLGMODE | 1 | External mode of an SAP dialog | |
SLGDATA | 64 | Variable message data | |
SLGLTRM2 | 20 | Terminal name (continued), only available if SLGFTYP=2 |
I understand @Sandra_Rossi .. But i hope u saw the table which has the fields with a standard length... and in this new format log you said the length is variying.. and i m taking in a way that the fields doesn't have standard or maximum length.. like if a username name means it may length upto some value...
Hi, as discussed earlier
053D316789EF7C633B09A4779077787A911DAE3F48BB478754DBB92E8AA99D2F003 Variable message data (64 characters) i can get the 64 character of message data by excluding 003 ... and this value is occuring in all logs.. so can i take 64 characters excluding this
and offset value is how calculated.. because its mentioned 0131 including this... but the actual length is 132
The ABAP type STRING can be any length, so it should not be a problem to not know the limit. I guess you may consider the length limit of the fields as defined by RSAUENTR2, but I don't know if it's true for all the fields (it is at least true for user, program name, transaction code, client). Thanks for the feedback about my error concerning the variable message data.
Concerning the variable message data length (e.g. 0131), you're correct, it's what I tried to explain. Anyway, this length is useless to decode the file.
As you can see in your record, it starts with "5" which corresponds to the field SLGFTYP in the blog post you mentioned (https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of...), but is not one of the possible values "q" and "2".
I describe below the meaning of SLGFTYP = "5".
The data is from what I see in one audit file (/usr/sap/SID/D01/log/xxxxxxxxxx.AUD) in my ABAP 7.58 system.
5SAL_SAP_19720607_000000_FFFFFFFFFFFF0BD7989C274D93028B5C747968FC85BC004CEC60D665F68CBEC0D06EEFBCC096003
5AU220240409000013003636800022B1050100000008XXXX498400000008RSBTCRTE000000000005B&2&A0088F32F71FAA5694A08EE9623F37DCC22999B549AAE362CBDD3F99E7802CD418DEE003
5AU2
2024040900001300 date time "00"
36368 Operating system process number?
00022 workprocess number
B1 workprocess type
050 mandant
1 file number?
0000 length of short terminal name + short terminal name??
0008XXXX4984 length of user name + user name
0000 length of ?? + ??
0008RSBTCRTE length of program name + program name
0000 length of long terminal name + long terminal name
0000 length of ?? + ??
0005B&2&A variables separated with &
0088 offset of last character of this field with offset of 5AU2 considered zero (e.g. total of 89 characters from start of 5AU2 up to this offset field included, and offset of next field starts at 89)
F32F71FAA5694A08EE9623F37DCC22999B549AAE362CBDD3F99E7802CD418DEE003 64 characters
Date 09.04.2024
Time 00:00:13
Client 050
SysLog msg. group AU
Message Identifier AU2
Sub-name 2
User XXXX4984
ABAP Source RSBTCRTE
Audit Log Message Logon failed (reason=2, type=B, method=A)
First Variable Value for Event B
Second Variable Value for Event 2
Third Variable Value for Event A
Audit Class Dialog Logon
Criticality H
Message Severity High
File Number 1
SAP process B1
Work Process Number 022
5CUZ20240409001516003635100005D505010008xxxxst060006SM_SMY00000008SAPMSSY10020xxxxst0663.xxxxsap.a0011xx.xx.20.830011DBTABLOG&0301310C0D1EC53E3B3C32016B1EB0CF62D3E9B3F04314877C06E37FBB56EDB4445DD3003
5CUZ
2024040900151600 date time "00"
36351 Operating system process number?
00005 workprocess number
D5 workprocess type
050 mandant
1 file number?
0008xxxxst06 length of short terminal name + short terminal name??
0006SM_SMY length of user name + user name
0000 length of ?? + ??
0008SAPMSSY1 length of program name + program name
0020xxxxst0663.xxxxsap.a length of long terminal name + long terminal name
0011xx.xx.20.83 length of Last Address Routed + Last Address Routed
0011DBTABLOG&03
0131 offset of last character of this field with offset of 5CUZ considered zero (e.g. total of 131 characters from start of 5CUZ up to this offset field included, and offset of next field starts at 132)
0C0D1EC53E3B3C32016B1EB0CF62D3E9B3F04314877C06E37FBB56EDB4445DD3003
Date 09.04.2024
Time 00:15:16
Client 050
SysLog msg. group CU
Message Identifier CUZ
Sub-name Z
User SM_SMY
Terminal Name xxxxst0663.xxxxsap.a
Last Address Routed xx.xx.20.83
ABAP Source SAPMSSY1
Audit Log Message Generic table access by RFC to DBTABLOG with activity 03
First Variable Value for Event DBTABLOG
Second Variable Value for Event 03
Audit Class RFC Function Call
Criticality H
Message Severity High
File Number 1
SAP process D5
Work Process Number 005
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hii team, my query is why the log pattern differs from the blog post... Is there any changes regarding this
FieldSub-fieldLengthDescription
SLGTYPE | SysLog: LIKE structure RSLGETYP | ||
SLGFTYP | 1 | Entry type: "q" = version 1 without field SLGLTRM2, "2" = version 2 including field SLGLTRM2 | |
AREA | 2 | Message area | |
SUBID | 1 | Message name | |
SLGDATTIM | Time stamp (CHAR 16) | ||
DATE | 8 | Date in format YYYYMMDD | |
TIME | 6 | Time in format hhmmss | |
DUMMY | 2 | not used | |
SLGPROC | SysLog: LIKE RSLGPID structure | ||
UNIXPID | 5 | Process ID | |
TASKTNO | 5 | Task | |
SLGTTYP | 2 | Process type (short form) | |
SLGLTRM | 8 | Terminal name (truncated) | |
SLGUSER | 12 | User name | |
SLGTC | 20 | Transaction | |
SLGREPNA | 40 | Program | |
SLGMAND | 3 | Client | |
SLGMODE | 1 | External mode of an SAP dialog | |
SLGDATA | 64 | Variable message data | |
SLGLTRM2 | 20 | Terminal name (continued), only available if SLGFTYP=2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
5AU120240328000051002678400060B3100100000005BASIS0004S0000008RSBTCRTE000000000005B&0&A008910F235B11EB31624C68A74FB7ED6E413E59900DFD8963838A9EC16B543B2CB39003
this is the log i am getting..
but in the post the mentioned log likes
2AU520130409010803000505200009D9a234ba.pDOKUSTAR SAPMSSY1 0201R&0 h020co.pt.com
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.