Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

GRC FF log_ In-proper Firefighter logoff

Former Member

on ‎2016 Apr 04 2:40 PM

0 Likes
4,342

Dear ERM experts,

    There is a strange issue occurs with the Firefighter log report. Generally, Controllers have been receiving the Firefighter log report when the Firefighter users logoff from the Firefighter access which is good and works without any issues.

    The problem here is, the controllers have not been receiving the Firefighter log report when the Firefighter users disconnect from the Firefighter access due to the network issues. It means, If the Firefighter user does not logoff properly from the firefighter access then the system is unable to captured the log report and send to the controllers in GRC.

    Using ST03N tcode, I am able to see what tcodes that the firefighter id executed in the back end system but GRC is unable to capture the logreport from the back end system and fails to send the report to the controllers. Could you please help on the issue? Thank you!

    Thank you very much in advance!

Thanks,

Priya

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

plaban_sahoo6
Contributor
‎2016 Apr 05 5:32 AM
0 Likes

Hi,

it is a misconception that, notification is sent, when FF logs off. So, whether it is proper log off or improper, log off does not send notification.

FYI, SAP provides parameters, for notification, while logging in

BR

plaban

Show replies
Show replies
Former Member
‎2016 Apr 15 4:55 PM
0 Likes

Hi Plaban,

  But this is the issue that I am facing. Firefighter log report is going to the controller some time but not going all the time. Some time GRC unable to send the log report to the controller. I did the synchronization for Firefighter log report, but some reports are not getting capture in GRC.

Thanks,

Priya

Former Member
‎2016 Apr 16 2:55 AM
0 Likes

Hello Priya Tella,

Did you check if the rfc user is the back end has access to the authorization S_TOOLS_EX?


Please Check the Time Zone Settings?

Did you Check the Logs in SLG1?

Regards,

Deepak M


Former Member
‎2016 Jul 01 3:18 PM
0 Likes

Hi Rakesh,

  yes, I have seen and RFC users have the authorization S_TOOLS_EX.

  No Logs at SLG1

  Time Zone is correct.

I have checked GRACFFLOG table and found that the log item is going but not going every time.

  The below screen shot has taken for a single plugin system for the same user. At Workflow_sent column (X - Went the log report for controller) but the empty fields logs are not going to the controller.

Thanks,

Priya

Former Member
‎2016 Jul 02 9:14 AM
0 Likes

Hi Priya,

Can you let us know your version and SP Level?

Kindly check if any of the below Notes will help

2013288 - Firefighter log review Workflows is not getting generated sometime


2060165 - GRC EAM: Some of the firefighter log review workflows are not being generated


1959891 - GRC EAM: Log review workflows are not getting triggered



Also, in your screenshot the WORKFLOW_SENT column without X can be a blank FF session.

If you have set parameter 4020 to NO then the WF will not be triggered for these blank sessions.


Set 4020 to YES(4009 should also be YES) and check if the WF is triggered for blank sessions as well.


As a work around you can use the program GRAC_EAM_LOG_SYNC_TIMEBASED for re-triggering the missing workflows.


Regards,

Manju





Former Member
‎2016 Jul 20 11:02 AM
0 Likes

Hi Manjunath,

  Thank you for the reply! I have seen that when the firefighter user logoff from the Firefighter id, some times in the back ground the session is still running. In the below screen shot, the user logoff was recorded after 1 day. At the end, controller is not receiving the log item.

  Conclusion: Controller is not receiving the log item when there is an improper logoff happened. Also the program is not helping GRAC_EAM_LOG_SUNC_TIMEBASED to get the log report in this kind of situation.

   Could you please suggest on how to over come this issue?

Thanks,

Priya

Former Member
‎2016 Jul 20 11:26 AM
0 Likes

Hello Priya,

Log are captured and sent only if session is identified using sync job.

if a session is not captured then it will not be sent.

kill the session in target system and run sync job.

Regards,

Prasant

Former Member
‎2016 Jul 20 12:00 PM
0 Likes

Hi Priya,

For these cases can you run the program "GRAC_FFID_LOGIN_STATUS_UPDATE" for unlocking the locked FF sessions.

Then , run the FF log sync and FF WF sync(if parameter 4007 is set to NO) and check if the logs are sent to the controller.

Regards,

Manju

Former Member
‎2016 Jul 20 12:35 PM
0 Likes

Hi Manju,

  Thank you for the reply! No, this program is not supporting the issue. 

  Is there any other solution for the issue? Thank you!

Thanks,

Priya

Former Member
‎2016 Jul 21 3:19 PM
0 Likes

Hi Priya,

As the FF sessions are not closed properly SAP assumes the FFID's are still in use.


You will have to clear such sessions and then run the FF log sync job

Regards,

Manju

Ask a Question