Category: Focused Run Setup

Creating a Custom Metric to Check SAPRouter SNC Certificate Expiry

This metric and script checks the SAPRouter SNC certificate expiry and gives an alert depending on how many days left until expiry.

Define SAProuter in Focused Run LMDB

Prerequisite: Make sure you have installed the SAP Host Agent and performed Outside Discovery on the SAPRouter host.

Go to the LMDB of you Focused Run system, then go to Single Customer Network:

Switch Namespace and go to “Technical Systems” and choose “Unspecific Standalone Application System” from the drop-down, then hit Create.

Enter:

Enter the Extended SID:

Add Software Component Version:

Search on the software, and then select the correct release, then Add. E.g.:

Save

Add Installation Path and Required LMDB Attributes. NOTE: Find out the relevant software installation path of the SAPRouter on the server.

Perform Simple System Integration

Configure Script and Custom SAPHostCtrl Operation

Prerequisite: The script requires the SAPRouter SNC Certificate to be properly installed, and the PSE credentials in the cred_v2 file for the account that runs the SAPRouter service.

A script is scheduled to run daily as the same user that runs the SAPRouter service. The script reads the expiry date of the from the PSE and writes it to a file in JSON format so that the FRUN metric can read and interpret it. The script by default has SAPRouter home directory as /usr/sap/saprouter or <drive>:\usr\sap\saprouter, and it can be changed. This will be denoted as <SAPROUTER_HOME>. The PSE file variable can also be changed.

Linux/Unix

Create a new executable file in the SAPRouter home directory and copy the code in Appendix A. Ensure it is owned and executable by the user that runs the SAPRouter service and belongs to group sapsys. E.g.,

chown <saprouter user>:sapsys saprouter_expiry_days.sh
chmod 744 saprouter_expiry_days.sh

In the script, adjust the following variables:

  • SAPROUTER_HOME
  • SECUDIR (The SECUDIR folder is where the PSE file resides)
  • SAPROUTER_USER
  • PSE

Test the Script. Switch to the user that runs the SAPRouter service, then execute the script:

/usr/sap/saprouter/saprouter_expiry_days.sh

Look for file NUMDAYS.json. It should contain e.g.:

{type:integer, name:NumDays, value:136}

Schedule script in the root crontab as follows:

# Run SAProuter SNC Certificate expiry check
00 09 * * * su - <saprouter user> -c /usr/sap/saprouter/saprouter_expiry_days.sh

Windows

Create a batch file (*.bat) in the SAPRouter home directory. In the script, adjust the following variables:

  • SAPROUTER_HOME
  • SECUDIR (The SECUDIR folder is where the PSE file resides)
  • PSE

Test the Script. Logon as the user that runs the SAPRouter service. Right-click on the bat script and “run as Administrator”. Alternatively, if you are not logged as the SAPRouter service account, you can “run-as” the user that runs the SAPRouter service and execute the script that way.

runas /user:<domain or hostname>\<SAPRouter service user> <SAPROUTER_HOME>\saprouter_expiry_days.bat

NOTE: The SAPRouter service user requires “Allow log on locally” user rights.

Look for file NUMDAYS.json. It should contain e.g.:

{type:integer, name:NumDays, value:136}

Schedule the Script. Open a command prompt as administrator. Execute the command:

SCHTASKS /CREATE /RU <DOMAIN>\<saprouter user> /RP <password> /SC DAILY /TN "Run SAPRouter SNC Certificate expiry check" /TR "C:\Windows\System32\cmd.exe /C \"<SAPROUTER_HOME>\saprouter_expiry_days.bat\"" /ST 09:00 /RL HIGHEST

Note: The start time e.g., 09:00 is in 24 hour format. You should see:

Run the new task to test it:

SCHTASKS /RUN /TN "Run SAPRouter SNC Certificate expiry check"

You should see:

Check the timestamp of the file NUMDAYS.json.

Create Custom Operation for saphostctrl

To load these values into Focused Run, a custom operation for saphostctrl needs to be created.

Linux/Unix

As Root: Create the following custom operations conf file:

/usr/sap/hostctrl/exe/operations.d/checksnccert.conf

Enter the following into the conf file:

Command: cat /usr/sap/saprouter/NUMDAYS.json
Description: Check number of days to SNC certificate expiry
ResultConverter: flat
Platform: Unix

Test the custom operation as follows:

/usr/sap/hostctrl/exe/saphostctrl -function ExecuteOperation -name checksnccert

Result should be:

Webmethod returned successfully
Operation ID: 06C635D6863A1EEDB6BC5C819EE199D7

----- Response data ----
description=Check number of days to SNC certificate expiry
{type:integer, name:NumDays, value:169}
exitcode=0

Windows

Create the following custom operations conf file:

C:\Program Files\SAP\hostctrl\exe\operations.d\checksnccert.conf

Enter the following into the conf file:

Command: FOR /F "tokens=* delims=" %x in (<SAPROUTER_HOME>\NUMDAYS.json) DO @echo %x
Description: Check number of days to SNC certificate expiry
ResultConverter: flat
Platform: Windows

In a Command Prompt as Administrator, test the custom operation as follows:

"C:\Program Files\SAP\hostctrl\exe\saphostctrl" -function ExecuteOperation -name checksnccert

Result should be:

Webmethod returned successfully
Operation ID: 00155D657F901EEDBCF9E32BC564F964

----- Response data ----
description=Check number of days to SNC certificate expiry
{type:integer, name:NumDays, value:360}
exitcode=0

Create Custom Alert in Focused Run

Create a new monitoring template for SAPRouter here:

Enter into Expert Mode. Create a new Alert with the following settings:

NOTE: If the tick box “Do not Group Individual Occurrences” is ticked, it will alert at each data collection regardless of its previous rating, and not only at a change of rating.

Create Custom Metric In Focused Run

Create a new Metric with the following settings:

Data Collection

All parameters of the Data Collector which are fixed should have the “Configure” box unticked, and the common parameters pre-filled with the correct values.

The “Custom Operation” parameter is the saphostctrl operation “checksnccert” created earlier. The “Metric Name” parameter is the name of the metric in the JSON output file produced by the script, which is “NumDays”.

Usage

Threshold

The threshold picks up the integer as returned by the script; if it falls to below or equals 10 days, then raise a yellow alert, if below or equals 5 days, then raise a red alert. Choose whatever threshold values suit you.

Assignment

Assign the Metric to the Alert:

Activate the Alert

Apply SAPRouter Template and Check Monitoring

TIP: Initially set the collection interval to 5 minutes and apply template to see whether it is collecting data. Then you can set the collection interval back to daily.

You should see this in the Monitoring Application:

Appendix A: saprouter_expiry_days.sh

#!/bin/bash
# Outputs the expiry date of the SNC Certificate and calculates the number of days
# If the number of days falls below threshold, it sends an alert
# Written by Tony Swietochowski

SAPROUTER_USER=saprouter
SAPROUTER_HOME=/usr/sap/saprouter
SECUDIR=$SAPROUTER_HOME/sec
PSE=local.pse
HOSTNAME=$(hostname -f)

# Check  for saprouter user
[[ ! "$USER"=="$SAPROUTER_USER" ]] && echo "This script must be run using the $SAPROUTER_USER user. Exiting." && exit 1

EXPIRYDATE=$(${SAPROUTER_HOME}/sapgenpse get_my_name -p $PSE -n validity 2>&1 | grep NotAfter | awk -F\( '{print$2}' | cut -c -6)
NUMDAYS=$(echo $(( ($(echo $(date --date="$EXPIRYDATE" +%s) - $(date -d $(date +%y%m%d) +%s)) )/86400 )))
# Above method based on https://stackoverflow.com/questions/4946785/how-to-find-the-difference-in-days-between-two-dates

echo $NUMDAYS > $SAPROUTER_HOME/NUMDAYS
echo \{type:integer, name:NumDays, value:$NUMDAYS\} > $SAPROUTER_HOME/NUMDAYS.json

Appendix B: saprouter_expiry_days.bat

@echo off

REM Outputs the expiry date of the SNC Certificate and calculates the number of days
REM If the number of days falls below threshold, it sends an alert
REM Written by Tony Swietochowski

set SAPROUTER_HOME=D:\usr\sap\saprouter
set SECUDIR=%SAPROUTER_HOME%\sec
set SNC_LIB=%SECUDIR%\sapcrypto.dll
set PSE=local.pse

for /f "tokens=2 delims=\" %%i in ('whoami') do set THISUSER=%%i
FOR /F "tokens=* USEBACKQ" %%F IN (`hostname`) DO (SET HOSTNAME=%%F)

chdir /d %SAPROUTER_HOME%

for /f "tokens=2 delims=(" %%a in ('%SAPROUTER_HOME%\sapgenpse.exe get_my_name -p %PSE% -n validity ^2^>^&^1 ^| findstr /l "NotAfter"') do set DATESTRING=(%%a

set expiry_year=20%DATESTRING:~1,2%
set expiry_month=%DATESTRING:~3,2%
set expiry_day=%DATESTRING:~5,2%

set current_year=%date:~-4%
set current_month=%date:~4,2%
set current_day=%date:~7,2%

set "from=%current_month%-%current_day%-%current_year%"
set "to=%expiry_month%-%expiry_day%-%expiry_year%"
echo Wscript.Echo DateDiff("d", "%from%", "%to%") > %TEMP%\tmp.vbs

for /f %%a in ('cscript /nologo %TEMP%\tmp.vbs') do set /a "numdays=%%a"

del %TEMP%\tmp.vbs

echo Number of days to SAPRouter certificate expiry: %numdays% > %SAPROUTER_HOME%\NUMDAYS.log
echo {type:integer, name:NumDays, value:%numdays%} > %SAPROUTER_HOME%\NUMDAYS.json

Technical data clean up in SAP Focused Run…

For the licenses of SAP Focused Run, you do housekeeping. There are also technical tables that might grow fast in SAP Focused Run that will consume memory in your HANA database.

Fast growing table LMDB_P_CHANGELOG

See OSS note 2610122 – Cleaning up the change history in the LMDB: run program RLMDB_CLEAR_CHANGELOG.

Fast growing SISE_LOG table

Run program SISE_LOG_DELETE to clean up SISE_LOG table. See OSS note 2984789 – Scenario F4-help not working for SISE_LOG_DELETE report.

Idoc and PI monitoring data fast growing

If you get too much data for idoc monitoring, apply OSS note 3241688 – Category wise table cleanup report (IDOC, PI). This note delivers program /IMA/TABLE_CLEANUP_REPORT for clean up.

Invalid entries in MAI_UDM_PATHS

If table MAI_UDM_PATHS is getting large, follow the instructions from OSS note 3030652 – Cleanup invalid entries from database table mai_udm_paths to clean up. It is explained in more detail in OSS note 3250729 – Housekeeping for metric paths.

Alerting on Critical Metrics Turning Grey…

It is essential to activate alerting on critical metrics turning grey in order to avoid missing critical issue not getting detected by Focused Run.

Since SAP Focused Run 3.0 FP2 , a new metric has been added to the self monitoring template in System Monitoring, the Grey Metrics metric measure what percentage of critical metrics in Grey.

This metric by default uses threshold 30% for Yellow and 70% for Red rating. You can change this threshold to show red if value crosses more than 1% so that if there are any critical metric that is in grey then alert is raised.

Note: This metric considers only those metrics which are marked as critical in Self Monitoring app. The percentage is calculated based on how many metrics out of the metrics designated as critical metrics in Self Monitoring app are in Grey.

To designate a metric as critical metric navigate to Self Monitoring App in Focused Run launchpad –> Infrastructure Administration.

In the Self Monitoring app navigate to MAI Data Quality.

In the Overview screen select the Managed System type to go to its details screen.

In the Details page it shows list of systems with their critical metrics that are in grey. To modify the list of designated critical metrics click on the chnage button.

In the new popup use the text search button to enter the text of the metric you want to add to the list.

Finally click on the “+” button and then click on close to save the added metric in the critical metric list.

Now the added metric will be considered as critical metric while calculating % of Grey Metrics.

Hotnews note 3145987…

Unfortunately SAP had to release hotnews OSS note 3145987 – [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0). More background can be found in that note and in the Q&A note: 3148440 – Q&A for SAP Security Note 3145987.

What is the problem?

From the note “The Simple Diagnostics Agent 1.0 (up to version 1.57.*) does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify or delete sensitive information and configurations.”.

What to do to fix it?

The fix is two steps:

1. Update the host agent to version 7.22 PL55 or later as a prerequisite (see OSS note 3113553 – SAP Host Agent 7.22 PL55)

2. After step 1 update the SDA (simple diagnostics agent) to version 1.58.0 or later (see OSS note 3113553 – SAP Host Agent 7.22 PL55). You can do a mass deployment using the Agent Mass Update tile.

How to monitor the follow up?

Open the Self monitoring FIORI tile:

Click on the SDA icon on the left:

Check that all versions are ok:

Identifying all grey metric in System Monitoring…

In SAP Focused Run there is no standard mechanism to identify and display all grey metrics in System Monitoring, a grey metric can cause critical situations not being captured and alerted in monitoring hence we need to monitor such grey metrics.

In this blog we explain how you can list all the grey metrics by directly reading from database tables that store the monitoring data.

Focused Run system monitoring metric aggregate data is stored in table AEM_METRIC_AGGR. We can filter on metric status = Grey to see the list of grey metrics.

Open the table in transaction SE16:

Increase the width and no of hits and click on execute

Now you have all the data that you can export to an excel sheet. For this select the following menu option.

Select file type as Text with Tabs.

Provide the path and filename to save the file and then click on Generate button.

Now open the .txt file in MS Excel.

In the Home tab select option for filtering as shown below

Now set the following filter for the column LAST_RAT

Now you will get the list of all grey metrics as shown below.

Note: The Context_ID value will give you the ID of the managed object, Metrtric_type_ID will give you the ID of the metric name and the Last_text will give you the return text of the last data collection which will give you the reason for grey metric.

In order to get the managed object name and metric type you can use the following in transaction MAI_TOOLS –> Metric Event Alert Details.

In the selection screen for Managed Object ID enter the Context ID from the excel and for Metric Type ID enter the same from the excel. Also select the checkboxes as shown below and execute.

Now you will get the info on the Template as well as the Metric name which is currently in grey.

SAP instructions

You can also check the instructions from SAP in OSS note 2859574 – How to list all current Grey Metrics in FRUN.

Alerting on important grey metrics

If a critical metric turns grey (meaning it can be good, or bad), you can set a specific alert when this happens. For example Oracle system in stalled mode might turn grey in stead of red. In this case grey is the same as red: system will not work.

For setup instructions: read this dedicated blog.

Housekeeping in SAP Focused Run…

Housekeeping in SAP Focused Run is needed for 3 reasons:

  1. Keep performance high
  2. Reduce data footprint on the database
  3. Stay within the licensed volume (see more on licenses of SAP Focused Run in this blog)

Questions that will be answered in this blog are:

  • Which housekeeping settings can I make in SAP Focused Run?

Housekeeping for alert and event management

For alert and event management housekeeping program AEM_HOUSEKEEPING should be running in batch:

Housekeeping for system analysis and root cause analysis

For system analysis housekeeping schedule program SRAF_LOG_HOUSEKEEPING and WEA_AGG_STORE_PARTITIONING. For root cause analysis schedule program RCA_HOUSEKEEPING.

Detailed settings for RCA housekeeping are done in table RCA_HKCONFIG. You can maintain this table with SM30:

Housekeeping for application integration monitoring

For application integration monitoring housekeeping schedule program /IMA/HOUSEKEEPING for older releases and /IMA/HOUSEKEEPING_NEW for FRUN 3.0 FP01 onwards.

In the tile for integration monitoring you maintain the detailed settings and retention periods:

Press the change button to alter the data retention periods towards your need:

Housekeeping for EWA data

For EWA data housekeeping schedule program FRUN_DELETE_SERVICE_DATA:

Important year: default 1 year of EWA data is kept. If you need more, increase the days kept. If you want to clean up more, you can reduce the days.

Housekeeping for health monitoring

For health monitoring housekeeping, schedule program OCM_HOUSEKEEPING.

Housekeeping for statistical records

For housekeeping of statistical records, schedule program AI_STATRAGG_HOUSEKEEPING:

Housekeeping for work mode management

For housekeeping of work mode management, schedule program WMM_HOUSEKEEPING:

Housekeeping for security and configuration validation

In the Configuration and configuration analytics Administration tile, choose the configuration icon:

Here you can set the retention period.

Technical clean up

The above describes the housekeeping for Focused Run objects. If you also want to perform a technical clean up, read this dedicated blog.

Decommissioning Managed Systems…

We need to perform decommissioning of a managed system if

1. The managed system itself has been decommissioned or

2. The managed system is not required to be monitored in the Focused Run system anymore.

Case 1: Managed System is Decommissioned

Step 1: The first step of decommissioning would be to disconnect the Simple Diagnostic Agent from the Focused Run system. For this you can directly uninstall the Host Agent.

You can uninstall by running the following command at OS level

  • UNIX, IBM i: ./saphostexec -uninstall
  • Windows: saphostexec.exe -uninstall

Step 2: Deactivate all monitoring for managed system in Focused Run system

For this in transaction SA38 execute report RSRSM_SSI_CLEANUP

  1. Select a Customer Network
  2. Go to the Cleanup Technical System tab
  3. Select a Technical System
  4. Select the option to Cleanup unused hosts
  5. Press Delete Selected Objects
Case 2: Managed System is not required to be monitored in the Focused Run System

Step 1: You have to ensure the managed system is no more sending landscape data to the Focused Run system. For this disable all SLD data suppliers for the technical system. (In case of ABAP systems its in transaction RZ70 and in case of Java systems its the Data Supplier settings in the NWA.)

Step 2: Disable outside discovery for all hosts of the technical system by executing the following command.

  • UNIX, IBM i: ./saphostctrl -function ConfigureOutsideDiscovery -disable
  • Windows: saphostctrl.exe -function ConfigureOutsideDiscovery -disable

Step 3: Execute the decommissioning report RSRSM_SSI_CLEANUP as mentioned in step 2 of case 1.

For further details you can refer to SAP documentation here.

In addition to the above two cases, you might need to decommission system if the system is being migrated or upgraded to a different or higher version. For example migrating a standard ECC system to S4HANA. Instead of adjusting the monitoring of existing system, you decommission the system and then reconnect the system to Focused Run system. In our future blog we will explain how to decommission in such cases.

Upgrading SAP Focused Run…

All new functions and innovations for SAP Focused Run are delivered in either upgrades or feature packs. This blog will explain how to plan and execute upgrade for SAP Focused Run.

Questions that will be answered in this blog are:

  • What is the SAP Focused Run release strategy?
  • How to prepare for the SAP Focused Run upgrade?
  • How do I execute the SAP Focused Run upgrade?

Release strategy of SAP Focused Run

In the SAP Focused Run overview document created by SAP there is one slide containing the SAP Focused Run release strategy:

All new functions and innovations are delivered in either upgrades or feature packs.

Preparations for SAP Focused Run upgrade

First look up the specific upgrade OSS note. In case of upgrade to Focused Run 3.0 SP02 these are OSS notes 3116196 – Release Information Note for Focused Run 3.0 FP02 and 3127574 – Focused Run 3.0 Feature Pack 02 – Update Preparation and Postprocessing Documentation.

In this note you will find:

  • HANA database version needed
  • Needed versions of the SDA (simple diagnostics agent)
  • Scenario specific pre and post actions required
  • Updates to authorizations in SAP Focused Run
  • Updates to authorizations in the connected systems
  • Pre upgrade and post upgrade actions to be performed

The HANA database can be upgraded before the actual upgrade or can be combined with the upgrade. The same applies for the SDA agent.

Best practice is to execute the HANA and SDA upgrades before. Upgrade your Focused Run test system first, leave the versions there for a few weeks to prove stability, then deploy on productive Focused Run system.

In case of changes to authorizations in the connected systems, you can already update these before the upgrade.

In case you use custom descriptions in the metrics, you must download them before the upgrade and upload them again after the upgrade. More information in OSS note 3077162 – Backup and Restore of MAI Custom description BEFORE and AFTER system Update/Upgrade.

ZDO upgrade option

As of Focused Run 3.0 you have the choice to go for a ZDO (Zero Downtime Option) upgrade to reduce the downtime of the upgrade.

Read the following notes carefully before deciding to go for this option:

Executing the SAP Focused Run upgrade

Start your upgrade first on your SAP Focused Run development system and write down all the steps you execute. You will need to repeat all steps in your productive system later on.

During the technical upgrade, you will have to perform with the SUM tool, you will need to execute the SPDD and SPAU technical upgrade actions. Store the actions in transport to be used in productive upgrade. After SPUA is done, also apply the updated collective notes listed in the central note 3116196 – Release Information Note for Focused Run 3.0 FP02.

After the technical upgrade has been completed, follow and document carefully all the steps in the OSS upgrade note. For example running extra tasks lists, programs, redo SSI for JAVA, etc.

It can also be you come across items and issues that are not documented in the OSS note. Please write them down in your own runbook for production. When upgrading to SAP Focused Run 3.0 we found that the standard jobs are switched to the technical job repository SJOBREPO (since the 3.0 ABAP stack is based on the S4HANA 1909 version).

Apply all collective notes for all functions you are using. The collective note numbers are listed in the Release Information Note.

After the documented steps, update the authorizations in SAP Focused Run to get the new tiles for new functions available.

Rerun the task lists for the initial setup in STC01 (SAP_FRUN_SETUP_FOUNDATION and SAP_FRUN_SETUP_USECASE) with the variants of the use cases that you are using.

Update the monitoring content according to OSS note 2991255 – Manual content update for FRUN-CONT 300 in SAP Focused Run (FRUN-CONT). For the steps in detail, read this blog.

Check in the upgrade manual if any SSI needs to be redone. This is often the case with JAVA systems.

Finally when all actions are done, refresh your browser cache and backend FIORI cache (follow all steps from this blog).

Testing

Before deploying the Focused Run upgrade in production, you must test all your functions in the Focused Run development system. It is very helpful if you have a set of documented test cases that you can easily repeat each upgrade. With testing first focus on testing the current functions you are using. In a later stage you can explore, activate and test new functions.

While testing you will find issues. Solutions are normally:

  • Updates in authorizations
  • OSS notes to be applied
  • SICF services and Gateway services activation
  • Forgotten step in the activation

Capture all fixes in either transports or in your runbook.

If you still have key issues with bugs, you will need to raise a message to SAP.

Focused Run license and usage…

SAP Focused Run is a licensed product. The metric is amount of GB stored in the application.

If you have more systems, more detailed metrics, with short measurement times and many functions, the more GB you will use.

Questions that will be answered in this blog are:

  • How to check the current license usage?
  • What drives the usage?
  • How can I get a cost estimate?
  • How can I create a business case for Focused Run?

Checking the license usage

In SE38 start program FRUN_USAGE_UPDATE:

Now you can see which Focused Run function uses how many MB’s.

What drives the usage?

Usage is driven by:

Getting a cost estimate

Your SAP account manager or the Focused Run team in Germany can give you a good cost estimate. Material number for Focused Run in the price list is 7019453.

Input for cost estimate: sizes and numbers of systems, functions of Focused Run you want to deploy, and the retention period of the data.

Output: cost estimate.

Creating the business case

The business case has 2 aspects:

  • Cost: infrastructure, license, implementation
  • Benefits

Benefits is easier to quantify if your IT service is more mature.

Elements to consider:

  • How much does an hour of outage cost on your main ECC or S4HANA core system? For lager companies, this is easily 10.000 Euro per hour or more.
  • How much does your complaint handling cost per ticket?
  • How much time is currently spent on manual monitoring?

Benefits of Focused Run are then in avoiding half the outages by faster insights and reducing the outage costs. You cannot avoid all outages, but you can act faster.

Benefits of Focused Run are in improved clean up and issue solving. This will both reduce issues in your systems and reduce complaints and tickets you need to handle.

For larger system landscapes (more than 50 systems) the business case is quite easy to create and will be positive fast.

SAP Focused Run Rule Based Template Assignment…

Introduction

When we perform Simple System Integration (SSI) on a managed system , it automatically activates the SAP default monitoring template on the managed system. However, in most of the SAP Focused Run (FRUN) implementation scenarios, we create customer defined monitoring templates (Custom Templates), which we then manually assign/activate on the managed system.

Rule Based Template Assignment is a feature in FRUN by which we can define based on managed system category which custom monitoring template to be assigned and activated directly when we perform SSI on the managed system.

Defining Rule Based Template Assignment

For Rule Based Template Assignment navigate to the FIORI tile Individual Maintenance in the Advanced System Management section of FIORI launch-pad.

In the Individual Maintenance App navigate to the Rule Maintenance by clicking on the button as shown below.

In the Rule Rule Based Assignment Screen, on the left hand side panel, select the specific Managed Object type for which you want to define the Rule Based Template Assignment.

In this blog we take the example of defining a Rule Based Template Assignment for managed system of type SAP ABAP BASIS 7.10 and higher and specify the custom template for System Level monitoring template. So we select Technical Systems upon which the right side panel now gives a list of all product types. In the right side panel we scroll down and select SAP ABAP BASIS 7.10 and higher.

Now we need to define the Rule based on which the Custom Defined Template to be defined. In this blog we take the example that we have defined 2 custom templates one for Production Systems and one for Non Production Systems. So we will need to define rule to assign template based on filters System Type ABAP and IT Admin role defined in LMDB. For more information on this function read this blog.

In the subsequent screen select Maintain Rules.

In the Maintain Rule screen we select the following filters.

Name your Rule and Save.

Similarly you can create Rule ABAP Non production, just ensure to select the following IT Admin Roles.

Now back in the main screen select the Rule you created from the drop down.

And for Template select the custom template you want to select for the assignment.

Add the assignment.

Now click in Continue with Next Step button till you come to the Reconfiguration tab and then close. This will allow you to save your Rule Assignment.

Once you have assigned the ABAP Production and ABAP Non production rules in the main screen you will see the following assignments listed.

After the assignments done, the next time SSI performed on any ABAP system will take up the custom monitoring template as defined in these rules.

In Individual Maintenance system list you can also see whether current assignment is SAP default or Rule Based Template Assignment.