Simple Diagnostic Agent Log Configuration – Enabling Debugging for Troubleshooting…

In case of data collection issues you will need to troubleshoot Simple Diagnostic agent logs .

In some cases you might need to get further details after you see an error message in the standard SDA logs in Agent Internals. In such cases you will need to enable application specific logging. E.g. activate debug logging in order to analyze issues with a specific application or component of the SDA

For E.g.: You saw an error in agent internals like

2019-08-15 15:48:01,696 ERROR [MAI FRD 5] division by zero

In this case, you will want to put to debug this class:

Following Application components of SDA for which logging can be enabled.

Application / ComponentName (Column in Log Configuration Dialog)

To enable logging you can follow the following steps.

Step 1 : Open Agent Administration in Focused Run Launchpad.

Step 2: Select the agent/host for which you want to enable logs in Debug, on the option Agent Action select “Open Log Configuration” and click on Go.

In the next dialog screen enter the application classes for which you want to enable debug as shown below. After entering the classes click on Save.

In the next execution, the Agent logs will present more details.

You can collect the log files by selecting the Option Download Log File and then click on Go. It will download all SDA logs in a zip file to your desktop/laptop.

Note: Do not forget to remove the log configurations after downloading the logfiles.

Reference SAP Note 2696231 – How to set the Simple Diagnostic Agent to debug.

Hotnews note 3145987…

Unfortunately SAP had to release hotnews OSS note 3145987 – [CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0). More background can be found in that note and in the Q&A note: 3148440 – Q&A for SAP Security Note 3145987.

What is the problem?

From the note “The Simple Diagnostics Agent 1.0 (up to version 1.57.*) does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify or delete sensitive information and configurations.”.

What to do to fix it?

The fix is two steps:

1. Update the host agent to version 7.22 PL55 or later as a prerequisite (see OSS note 3113553 – SAP Host Agent 7.22 PL55)

2. After step 1 update the SDA (simple diagnostics agent) to version 1.58.0 or later (see OSS note 3113553 – SAP Host Agent 7.22 PL55). You can do a mass deployment using the Agent Mass Update tile.

How to monitor the follow up?

Open the Self monitoring FIORI tile:

Click on the SDA icon on the left:

Check that all versions are ok:

Deploying Simple Diagnostic Agents on Managed Systems…

Deploying Simple Diagnostic Agents (SDA) on Managed System hosts is a prerequisite to performing Simple System Integration (SSI) of Managed systems on focused run system.

The SDA is installed/deployed as an add-on to the SAP host agent. Hence it’s mandatory to install SAP Host Agent on each host of the managed system which needs to be monitored by SAP Focused Run System.

The deployment of the SDA on the managed system system host is carried out from the SAP Focused Run system itself.

Below steps need to be performed for deploying SDAs on managed system hosts.

Download binaries from marketplace

Download the latest version of the binaries SDA and SAP JRE (Java Runtime Environment) from SAP Support Portal as follows:

  • Go to Software Downloads – SAP ONE Support Launchpad
  • Select tab Support Packages & Patches –> By Category –> SAP Technology Components –> Focused Run –> Focused Run 3.0 –> Downloads –> Comprised Software Component Versions
  • Download from SAP JRE 8.1 and SIMPLE DIAGNOSTICS AGENT 1.0

Following platforms are supported

  • HP-UX on IA64
  • Linux on Power BE & LE
  • Linux x86_64
  • Oracle Solaris SPARC
  • Oracle Solaris x86
  • Microsoft Windows Server on x86_64

You can find all information regarding latest available version of SDA and its compatible JRE version in SAP Note 2369401 – Release Note for Simple Diagnostics Agent 1.0

Upload Binaries onto SAP Focused Run system

Upload the binaries to SAP Focused Run, by running the report SRSM_AMA_UPLOAD_BINARY, with transaction SA38.

Upon completion of the upload you will see the below output.

Deploy SDA on Managed system host

Register Managed system host on Focused Run system: Before you can deploy SDA on managed system host, the host has to be registered to the Focused Run System. For this execute the following script at OS level as sapadm user from folder /user/sap/hostctrl/exe

./saphostctrl -function ConfigureOutsideDiscovery -enable -sldusername FRN_LDDS_FRS -sldpassword xxxxxxxxxx -sldhost <hostname of FRUN system> -sldport <http/https port of FRUN system>

./saphostctrl  -function  ExecuteOutsideDiscovery -sldreg

Upon executing the above commands at host level, you can see the host listed in Agent Administration of Focused Run system. Navigate to the Agent Administration app in the Infrastructure Administration block of the Focused Run launchpad.

  • In the Agent Administration App, select the host for which you want to deploy the SDA, select Install/Update Agent and click on Go.

  • Upon completion of the deployment, you will see the agent version listed in the Diagnostic Agent Version column.

  • After SDA installation/update is successful you also need to configure the agent. This will enable the agent to receive monitoring definitions from the focused run systems as well as enable Self Monitoring of the agent.

  • Upon completion of configuration, you will see green icon under availability column. Also Configuration status updated to Confirmed.

You need to follow the same steps for installing and configuring agents on all application server hosts as well as database hosts of the managed system.

Note: You should perform the Simple System Integration of a managed system only after you install and configure agents on all its hosts. You can also list hosts and their agent status of a particular managed system in the By Technical System tab of the Agent Administration app.