cancel
Showing results for 
Search instead for 
Did you mean: 

Transport - Add to buffer logs

issac_khan2
Explorer
0 Kudos

Hello Everyone,

I was wondering if anyone knows how/where to look for logs of who added a transport to a buffer.  Someone is manually adding transports into system buffers they shouldn't be in and I would like to find out who it is.  I looked through the transport logs, slog & alogs and the only information I can find is when it was added to the buffer but not by who.  Please help me find this guy who is trying to ruin my life.

Thanks,

Issac

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member185239
Active Contributor
0 Kudos

Hi Issac,

You may see the information for any transport in details in TMS Alert Viewer.

http://help.sap.com/saphelp_sm32/helpdata/en/5f/a065b4b9d811d2b433006094b9ea64/frameset.htm

But if the transport is added to buffer from OS level , <sid>adm will be the user recorded in SLOG.

If it is added from STMS it will show the user in SLOG.

With Regards

Ashutosh Chaturvedi

Former Member
0 Kudos

HI,

If added through sap.

Check for the ULOG in the transport directory

sidadm       20130921122803 RFC: tp ADDTOBUFFER SIDKXXXX SID clientXXX pf=/usr/sap/trans/bin/TP_DOMAIN_SID.PFL -Dtransdir=/usr/sap/trans  (pid=XXXX)

Search for the SLOG for that particular transport no related to the time 20130921122807.

In the Slog you will be able to see how it added via TMSADM or SID that imported it and the request got added as it was forwarded due to the configuration of the transport .

Please also check the transport route what system is before that system whose buffer you are checking.

Was that transport imported in the earlier system and the request was forwarded to the system next to it.

Try to check if up can find the pid=XXXX in the workprocess or SM59 trace.

Thanks

Rishi Abrol

JPReyes
Active Contributor
0 Kudos

There is 2 avenues to update the buffer, STMS and tp commands directly from OS...  If done from STMS then and you know the time of the addtobuffer command, you can check STAD or SM20 for the culprit... if it was done at OS level unfortunately the SLOG capture only the user (usually <sid>adm) which will force you to think who else in your team has access to it an or maybe you should consider restricting the access.

Regards, Juan