Kontakt

Ansicht
Dokumentation

SECM_LOG_2_ESP - SECM: Push Logs to SAP Streaming

SECM_LOG_2_ESP - SECM: Push Logs to SAP Streaming

ROGBILLS - Synchronize billing plans   General Material Data  
This documentation is copyright by SAP AG.
SAP E-Book

Purpose

Use this report to push the log data from the logs configured in table SECM_LOGS to the streaming component, for example, SAP Smart Data Streaming. Set this report to run regularly with a batch job. We recommend that you run this report once per minute. The streaming component then sends this data to SAP HANA to be consumed by SAP Enterprise Threat Detection.

You can also use this report to test the connection between SAP NetWeaver Application Server (SAP NetWeaver AS) and the streaming component.

You can also use this report to collect statistics. The results of this can be viewed using the report SECM_LOGS_STATS. In this case, no log data is acually sent, but you will get the overview of the log data volume that would be sent. You can use these statistics to learn about the sizing requirements of your streaming component. For more information, see SECM_LOGS_STATS, which is also available through F1 from the report.

Integration

Prerequisites

  • You have configured your SAP Enterprise Threat Detection landscape.
This configuration includes the installation and configuration of the streaming component to receive the log data. To send data in a compressed format, you must have installed an extension to the web service of the streaming component.
For more information, see http://help.sap.com/sapetd.
  • You have enabled the logs you want to send to the streaming component in table SECM_LOGS.
For more information, see SECM_LOGS.
  • You have configured the connection from SAP NetWeaver AS to the streaming component in report SECM_CONFIGURATION.
For more information, see the report documentation.
  • To receive e-mail notifications in case of error, you have configured SAPconnect to send e-mails from SAP NetWeaver AS.

Features

Selection

Standard Variants

Output

The SECM_LOG_2_ESP report does not send the complete logs to the streaming component, but rather chunks of log entries. How much is sent depends on how much time has passed since SECM_LOG_2_ESP was last run and the configuration for the specific logs in table SECM_LOGS. SECM_LOG_2_ESP follows the following principles:

  • SECM_LOG_2_ESP always ignores log entries made in the last 5 sec. SECM_LOG_2_ESP sends these log entries in the next run.
  • SECM_LOG_2_ESP only sends new entries and not entries it has already sent.
  • When you run SECM_LOG_2_ESP for the very first time, the report sends the log entries made in the last 5 minutes.
  • For all runs of SECM_LOG_2_ESP after the initial run, the report checks table SECM_LOGS for the maximum span of time from which the report can send log entries. Configure the time span for each log individually in table SECM_LOGS.
For example, you run SECM_LOG_2_ESP every minute. You have configured SECM_LOGS to consider no log entries older than 86,400 sec (1 day) for the system log. You stop the batch job that runs SECM_LOG_2_ESP on Friday night. On Monday morning, when SECM_LOG_2_ESP runs again, the report only sends log entries no older than 24 hours (1 day) old. You are missing the log entries made from Friday night to Sunday morning.
If those logs from Sunday morning to Monday morning are not so important to you, reset the time stamps. SECM_LOG_2_ESP then only considers log entries from the last 5 minutes.
To reset the time stamps, use report SECM_CONFIGURATION.
For more information, see SECM_CONFIGURATION.

SECM_LOG_2_ESP is also capable of skipping logs locked by previous runs of SECM_LOG_2_ESP. For example, if SECM_LOG_2_ESP is still sending the system log when the next run of SECM_LOG_2_ESP starts, the second run of SECM_LOG_2_ESP skips the system log. The next run of SECM_LOG_2_ESP sends the new entries of the system log.

Activities

  1. Select the configuration ID.
If you select more than one configuration, the report shows the configuration data for the first configuration ID in the list.
Change this data in report SECM_CONFIGURATION.
  1. Enter the connection information for the streaming workspace and project.
For more information, contact the administrator of the streaming component in your system landscape.
  1. Determine if you want to push the current log data manually or test the configuration of the connection.
To test the configuration of the connection, choose the Ping Streaming Server option.
To collect statistics, choose the Collect Statistics option. This function does not send any data to SAP Enterprise Threat Detection, but it provides information about the data volume that would have been sent. See the results of this simulation in report SECM_LOGS_STATS.
  1. Determine if you want to send the data synchronously.
If you send the data synchronously, the report sends the log data, one log after the other, waiting for each transmission to be completed.
To speed up the transmission rate of the log data, use asynchronous processing to spread the transmission of data over multiple RFC processes. Using more RFC processes reduces the system resources available to other applications. To use asynchronous processing, enter an RFC group and the number of RFC processes to use.
For the transmission of Business Transaction Log, you can use the processing type distributed. This option divides and sends the log data as small chunks.
  1. Determine if you want to send e-mail notifications when an error occurs.
If report SECM_LOG_2_ESP encounters a problem during the transmission of log data, the application sends an e-mail over SAPconnect to the mail recipients you configure here. Configure the sender and sender display name, for example, Do_not_reply@_ABAP_Log_Provider_for_ETD.
  1. Determine which logs to send to SAP Enterprise Threat Detection.
Choose from any of the logs enabled in table SECM_LOGS. If no logs are selected, all enabled logs are sent.
  1. Execute the report.
The report shows the result of the push attempt. If you added e-mail notification and an error occurred the report sends an e-mail to the addresses you entered.

Example






General Material Data   Vendor Master (General Section)  
This documentation is copyright by SAP AG.

Length: 7780 Date: 20240520 Time: 110807     sap01-206 ( 127 ms )