What is Logged? (SAP Library)

What is Logged?

Entries in the log file

Each entry in the log file has the following format:

Example

The parts of the log file entries are described in more detail below:

Timestamp	Includes time zone (UTC)
Severity	Info = Low Warning = Medium Error = High Fatal = Very High
Actor	The logged in user or <systemuser> if no user was logged in (optional).
Event	Consists of a category (such as USER, LOGIN, ACL) and an action (such as CREATE, DELETE).
ObjectType	The type of object involved in the event, for example, USER, USERACCOUNT, ROLE, GROUP, PRINCIPIAL or NONE
ObjectID	Unique ID of the object. Only the object IDs of users, groups, UME roles, and user accounts can be displayed. For all other objects, only a hash value is available.
ObjectName	Human readable description of the object (optional). Only the object names of users, groups, UME roles, and user accounts can be displayed. Object names of other objects are not available.
Details	Additional information as a comma-separated list of key=value pairs.

Events that are logged

The following table lists at which events an entry is made in the log file and provides details on what information is logged.

Event	Severity	Object ID	Details
Principal modification
User creation	Medium	The new user	Company ID
User creation	Low	The new user	All user attributes
User account creation	High	The new user account	Assigned user ID
Group creation	High	The new group	Assigned users and groups
Role creation	High	The new role	Assigned users and groups Assigned actions
User modification	Medium	The modified user	If user was assigned to a company: Company ID
User modification	Low	The modified user	All changed user attributes
User account modification	High	The modified user account	Password was changed (Forced to change / Success / Failed: Reason) User was locked (reason) User was unlocked Certificate was modified
Group modification	High	The modified group	If group members were modified: Added or removed users and groups
Role modification	High	The modified role	If role members were modified: Added or removed users and groups If actions were modified: Added or removed actions
User deletion	Medium	The deleted user	(no details)
User account deletion	High	The deleted user account	Assigned user ID
Group deletion	High	The deleted group	(no details)
Role deletion	High	The deleted role	(no details)
User mapping
User mapping creation	Medium	The mapped user	System alias Remote user ID Type (whether a user or administrator performed the mapping)
User mapping modification	Medium	The mapped user	System alias Remote user ID
User mapping deletion	Medium	The mapped user	System alias Remote user ID
User mapping usage	Medium	The mapped user	System alias Remote user ID
Login/Logoff
Successful user logon	Medium	The used user account	User ID Logon method/ Authentication scheme IP address
Failed user logon	High	The used user account	User ID Logon method/ Authentication scheme IP address Reason why logon failed (wrong password, user locked, …)
User logoff	Medium	The used user account	(no details)
Permission (checking)
ACL creation	High	The object for which the ACL was created	Owner
ACL modification	High	The object whose ACL was modified	Added or removed owners Added or removed ACEs (access control entries): (Principle, Permission) Changed object ID
ACL deletion	High	The object to which the ACL was assigned	(no details)
Access violation or access denied	Very high	The object the user wanted to access (if available)	Permission the user would have needed to access the object
Access granted	Low	The object the user accessed (if available)	Permission that was needed to access the object
Configuration
Customizing	High	“Properties”	At start up of J2EE Engine: All customized properties with their values Otherwise: Changed properties