HaloCORE Log Configuration
This section explains how to set up a central log in your landscape.
Central Log Setup
In a multi-instance landscape, you can define where the HaloCORE log records should be stored. The following are possible:
Local: the log is stored directly on each instance
Remote: the log is saved via RFC on another instance
Local + Remote: the log is saved both locally and on another instance
Central: this is the central log instance; logs originating on this system are saved locally, and log entries from other instances are accepted and stored.
The following figure illustrates an SAP multi-instance landscape. In general, you need at least two systems for central logging: a Decentral system that sends log data, and a Central system that collects the log data from the other instance(s). Ideally, the Central log instance is a system with little transactional use, because it has to withstand very high volumes of log data from other instances. You must execute the following steps for central logging to work:
Install the HaloCORE Add-On on the instances (Decentral system and Central system).
Set the logging parameters in each system.
Set up the RFC connection.

Central Log illustration
Central Log Storage
This allows concentrating all logs on a single central instance, for example, for reporting purposes. This central instance can be, for example, a Solution Manager, an SAP GRC instance, or any other NetWeaver-based SAP system. To read and write log entries to and from another SAP system, an RFC connection must be established between the sending system and the system where the log is to be saved.
Settings on Central System
On the SAP instance that receives logs from one or more decentral systems, the following settings must be made:
Step 1: HaloCORE Log Configuration
Call transaction /n/SECUDESD/CNF_LOG.
Click Display −> Change icon to edit the table.
Set the Log Mode as Central Log.
Click Save to save your settings.
Step 2: Role Maintenance
Call transaction PFCG.
Create a role that allows RFC access to the log. The role must contain the following authorizations:
Auth. Object | Field | Value |
---|---|---|
S_RFC | RFC_TYPE | FUGR |
S_RFC | RFC_NAME | /SECUDESD/HCLOG_RFC |
S_RFC | ACTVT | 16 |
J_9BSD_LDO | J_9BSD_LDO | AU: Display for all users |
Authorizations for RFC connection
(You may use the sample role ZSD_SECUDE_REMOTE_LOG as a template for copying. You will find this as a text file in the folder "Authorizations"; upload it into PFCG, and then copy it to a role in your namespace.)
Step 3: User Maintenance
Call transaction SU01.
Create at least one user (of type "System") having the role described above. Ideally, you should create a dedicated user for each sending system.
Settings on Sending (Decentral) System
The following configuration must be made on a Decentral System:
Step 1: Configuration of RFC Connections
Call transaction SM59.
Define an RFC connection of type "ABAP Connection" that points to the Central System; in it, store the User ID you created in the previous step.
Step 2: HaloCORE Log Configuration
Call transaction /n/SECUDESD/CNF_LOG.
Click Display −> Change icon to edit the table.
Set the Log Mode to "Remote" or "Local + Remote".
Enter the RFC destination of the Central System that you created in the previous step in the RFC Destination text box.
Define an identifier for this sending system in Source System. Refer to the field help (F1) for more information.
The two options Send to HaloENGINE and Logical Port are needed only for forwarding logs to HaloENGINE. For more details, refer to the "Forwarding Logs to the HaloENGINE" section.
Click Save to save your settings.
HaloCORE Log Configuration
The dashboard will only display data if the current machine is set to "local", "local + remote", or "central log"; for "remote", there is no data locally that could be displayed.
Forwarding Logs to HaloENGINE
The HaloCORE Add-On allows you to forward the log entries to the HaloCORE Central Log instance and the HaloENGINE. In the system landscape, a given NetWeaver system can only feed a Central Log or a HaloENGINE. If the Central Log instance and HaloENGINE are active and reachable, the log entries are forwarded in real time. Otherwise, the logs are queued and can be resent later by using the program /SECUDESD/RESEND_LOG.
Forwarding and resending logs to the HaloENGINE are not possible with the default (ABAP Classification) mode, so this section can be ignored if you use that mode.
Log Mode | To Central Log | To HaloENGINE |
---|---|---|
Local | No | Yes |
Remote | Yes | No |
Local + Remote | Yes | No |
Central | No | Yes |
Forwarding logs
Prerequisites:
The above table lists the possibilities of log forwarding.
Monitor properties must be configured in the HaloENGINE.
A logical port must be created to forward logs.
In a large SAP landscape with a multitude of application servers, you need to import the certificate of each one of the application servers into HaloENGINE for SSL mutual authentication. Therefore, export your SAP certificate and add it to the HaloENGINE Admin Portal. To know how to get the SAP server certificate, please refer to the section "Exporting the SAP Certificate".
Follow the steps below to forward the log entries:
Call transaction /n/SECUDESD/CNF_LOG.
HaloENGINE logical port
Click Display −> Change icon to edit the table.
Set the Log Mode to Central or Local.
Enter the system identifier in the Source System.
In the case of HaloENGINE Classification mode, select the Send to HaloENGINE check box.
Enter the name of the logical port of the central server’s audit interface in Logical Port.
Click Save to save your settings.
Resend Queued Log Entries
This program allows reprocessing queued log records in the following ways:
To Central Log: This lets you resend the log entries that were locally queued when the RFC connection to the central log was unavailable. This program should run in a Source System that is configured as "Remote log".
To HaloENGINE: This lets you resend the log entries that were queued when the HaloENGINE was not reachable or not active.
Please note that replicating queued entries (whether entries are replicated at all, to which system they are sent, whether the locally stored records are kept or deleted) depends on the settings at the time of replication, not on those at the time of queuing.
Follow the steps below to resend the log entries:
Call transaction /n/SECUDESD/RESEND_LOG.
Resend queued log entries
Click To Central Log or To HaloENGINE.
Enter the maximum number of log entries you want to send in the Maximum No. of Hits text box. By default, this value is set to 100. If you leave the field empty, all queued records will be processed.
If you want to run the program in test mode, select the Test Mode (no DB Update) check box.
Click Execute or press F8.
The forwarded log result will be displayed.
Log forwarded to HaloENGINE
GRC functionality dependency
All these log modes influence the GRC extensions. On systems that do not physically store the HaloCORE log (set as "Remote"), GRC integration is NOT possible. Therefore, we recommend you plan your GRC integration together with the logging and ideally use log modes "Local" or "Local + Remote".
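The log-mode rules on this page (the forwarding table, the dashboard restriction for "Remote", the recommendation of a dedicated RFC user per sending system, and the GRC dependency) can be checked against a planned landscape before anything is configured. The following Python script is an added example, not part of HaloCORE; the `System` field names, the SIDs, the user names and the logical port name are hypothetical.

```python
from dataclasses import dataclass

# Forwarding table from the page: log modes that may feed each target.
TO_CENTRAL = {"Remote", "Local + Remote"}
TO_ENGINE = {"Local", "Central"}

@dataclass
class System:                     # field names are hypothetical
    sid: str                      # identifier entered in "Source System"
    mode: str                     # Log Mode from /SECUDESD/CNF_LOG
    rfc_target: str = ""          # system the SM59 destination points to
    rfc_user: str = ""            # user stored in that destination
    send_to_engine: bool = False  # "Send to HaloENGINE" check box
    logical_port: str = ""
    grc: bool = False             # GRC integration planned on this system

def check_landscape(systems):
    """Return (errors, warnings) for a planned logging landscape."""
    errors, warnings, users = [], [], {}
    by_sid = {s.sid: s for s in systems}
    for s in systems:
        if s.mode not in TO_CENTRAL | TO_ENGINE:
            errors.append(f"{s.sid}: unknown log mode {s.mode!r}")
        if s.mode in TO_CENTRAL:
            target = by_sid.get(s.rfc_target)
            if target is None or target.mode != "Central":
                errors.append(f"{s.sid}: RFC destination must point to a Central log system")
            if s.rfc_user:  # remember which senders share a user on the target
                users.setdefault((s.rfc_target, s.rfc_user), []).append(s.sid)
        if s.send_to_engine and s.mode not in TO_ENGINE:
            errors.append(f"{s.sid}: mode {s.mode} cannot feed HaloENGINE")
        elif s.send_to_engine and not s.logical_port:
            errors.append(f"{s.sid}: Send to HaloENGINE needs a Logical Port")
        if s.mode == "Remote":
            warnings.append(f"{s.sid}: dashboard has no local data to display")
            if s.grc:
                errors.append(f"{s.sid}: GRC integration is not possible in Remote mode")
    for (target, user), sids in users.items():
        if len(sids) > 1:
            warnings.append(f"{user} on {target} is shared by {', '.join(sids)}")
    return errors, warnings

# Constructed sample landscape (SIDs, users and port name are made up).
SAMPLE = [
    System("CEN", "Central", send_to_engine=True, logical_port="LP_AUDIT"),
    System("ERP", "Local + Remote", "CEN", "RFC_LOG_ERP", grc=True),
    System("CRM", "Remote", "CEN", "RFC_LOG_ERP", grc=True),
    System("HRP", "Remote", "ERP", "RFC_LOG_HRP", send_to_engine=True),
]
```

Calling `check_landscape(SAMPLE)` reports CRM's planned GRC integration and HRP's RFC target and HaloENGINE setting as errors, and flags the RFC user shared by ERP and CRM as a warning.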