Cloud Service - Built-in Checks
Here you will find detailed information about Built-in checks for Cloud monitored objects.
Built-in checks are deployed automatically for a monitored object type. Once Avantra has detected a specific monitored object, each of the relevant built-in checks will be auto-deployed to the agent to begin check execution and status reporting. Built-in checks can be configured using Monitoring Parameters (e.g. to set threshold values) and can also be disabled if they are not relevant to your landscape.
CPI_CertificateUserMappingExpiration
This check displays any user mapping certificates that are within the defined expiration window (default is 120 days).
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | CPICUMapExpirationThreshold |
CPI_JMSMessageQueues
The values in the check match the JMS Resources overview (accessed via Overview / Manage Message Queues monitor. Select Check to execute the consistency checks. Then Details). The list of the critical queues is provided in the check output. There are no monitoring parameters for this check.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | AGENTALIVE |
| Monitoring Parameters | None |
CPI_KeystoreExpiration
This check displays any keystore certificates that are within the defined expiration window (default is 120 days).
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | CPIKeystoresExpirationThreshold, and CPIKeystoreExpirationIgnore |
CPI_MessageLogs
CPI_MessageLogs checks the SAP Cloud Integration message log for all failed messages over a period of time (default is 21 days) where the statuses is ESCALATED or FAILED.
As of Avantra 25.0, this check is deprecated and has been replaced by the custom check SCI_MessageLogs.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | RFCCONNECT |
| Monitoring Parameters | None |
SCC_BackendConnections
As of SCC version 2.15.0, this check reads the list of all back-end systems connected to the SAP Cloud Connector and gets detailed information for each connection.
For release 25.0, this check replaces SCC_OpenConnections and is only available for Avantra Agents 25.0 and above.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCSubaccountExclude, SCCBackendConnectionsWarn, and SCCBackendConnectionsCrit |
SCC_CertificateStatus
This check retrieves the information about the certificate status on SAP Cloud Connector (SCC) to check the validity of the certificates used.
Avantra supports this check with SAP Cloud Connector 2.14.0 or higher.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCCertificateStatusCrit, SCCCertificateIncludeUICert, SCCSubaccountExclude, and SCCCertificateStatusWarn |
SCC_CloudConnections
This RealTime Monitoring check monitors open connections for service channels (connections to the cloud). Check results provide information for any open connections.
SAP Cloud Connector version >= 2.15.0 is required for this check.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCSubaccountExclude, SCCCloudConnectionsWarn, and SCCCloudConnectionsCrit |
SCC_HealthCheck
This check verifies that the Cloud Connector is up and running. The purpose of this health check is only to verify that the Cloud Connector is not down.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | AGENTALIVE |
| Monitoring Parameters | None |
SCC_Subaccounts
As of SCC version 2.10.0, this check lists all subaccounts connected to SAP Cloud Connector.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCSubaccountExclude |
SCC_TopTimeConsumers
As of SCC version 2.11.0, this check displays the data of top time consumers provided by the Cloud Connector performance monitor.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCSubaccountExclude, SCCTopTimeGlobalWarn, SCCTopTimeGlobalCrit, and SCCTopTimeSpecificThresholds |
SCC_OpenConnections
As of SCC version 2.15.0, this check reads the list of all back-end systems connected to the SAP Cloud Connector and gets detailed information for each connection.
This check is only available for Avantra Agents version < 25.0. For Agents >= 25.0, this check has been replaced by SCC_BackendConnections.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCOpenConnectionsCountWarn and SCCOpenConnectionsCountCrit |
SCC_MemoryStatus
This check monitors the memory usage in SAP Cloud Connector (SCC). The SCC API is used to retrieve the physical, virtual, and heap memory used / free counts.
Avantra supports this check with API v2.14.0 and higher.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | SCCMemoryPhysicalWarn, SCCMemoryPhysicalCrit, SCCMemoryVirtualWarn, SCCMemoryVirtualCrit, SCCMemoryHeapWarn, and SCCMemoryHeapCrit |
SCC_PerformanceMonitor
As of SCC version 2.10.0, this check reads the data provided by the Cloud Connector performance monitor.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | SCC_HealthCheck |
| Monitoring Parameters | None |
SO_Connect
If Avantra can connect to the cloud service, then SO_Connect is OK and a message showing that the connect attempt was successful is shown.
If Avantra cannot connect, the check turns to Warning or Critical with an error message.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | (../../Glossary/#check-cycle) |
| Depends on | AGENTALIVE |
| Monitoring Parameters | None |
S4PubApplicationJobStat
This check monitors the list of Application Jobs that have run in the last 60 minutes.
Warning and Critical status thresholds can be set for:
- The number of aborted jobs, and how long to watch got aborted jobs.
- The number of delayed jobs.
- The time a job was delayed for.
Additional configuration includes an upper limit to the number of jobs to include in the check results, exclusion of jobs from aborted and delayed jobs monitoring, and exclusion of job users from aborted and delayed jobs monitoring.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | |
| Monitoring Parameters | JobAbortCountCrit, JobAbortCountWarn, JobAbortExclude, JobAbortTimespan, JobDelayedCountCrit, JobDelayedCountWarn, JobDelayedExclude, JobMaxSelect, JobDelayedTimeCrit, JobDelayedTimeWarn, JobUsersExclude |
S4PubClientCertValidity
This check monitors certificates that are seen in the app Maintain Client Certificate. For information on the Maintain Client Certificate app, see SAP S/4HANA Cloud Public Edition Documentation - Maintain Client Certificates. Warning and Critical check statuses can be set to trigger when the number of days until expiration of a certificate is less than defined thresholds.
The check can also be configured to ignore expired certificates if they remain expired for more than a defined number of days, and to exclude a list of certificate names from being monitored.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubClientCertValidityWarn, S4PubClientCertValidityCrit, S4PubClientCertValidityIgnore, and S4PubClientCertValidityExclude |
S4PubContentSecurityPolicy
This check verifies that the Content Security Policy is enables in SAP S/4HANA Public Cloud. If not enabled, it will give instructions on how to enable the policy. If the policy is configured insecurely with HTTPS or Wildcards, the check will return a warning.
The check can be configured to allow for Wildcards and/or HTTP by using monitoring parameters.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubContentSecurityPolicyAllowWildcard, and S4PubContentSecurityPolicyAllowHTTP |
S4PubCriticalAuthCount
This check is used to monitor the users with critical authorizations.
A user with critical authorizations is defined as one with any business role that contains any business catalog that is also in the SAP standard SAP_BR_ADMINISTRATOR role in the monitored system.
The check is configurable for Warning and Critical status alerts for when the number of users with critical roles reaches certain thresholds, as well as configuring any catalogs or roles for the check to ignore.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubCriticalAuthUserCountWarn, S4PubCriticalAuthUserCountCrit, S4PubCriticalAuthCatalogsIgnore, and S4PubCriticalAuthRolesIgnore |
S4PubCriticalAuthRecent
This check is used to monitor the users with critical authorizations that have been modified.
A user with critical authorizations is defined as one with any business role that contains any business catalog that is also in the SAP standard SAP_BR_ADMINISTRATOR role in the monitored system.
The check is configurable so that you can:
- Limit the number of days the check will look back to search for users with modified critical authorizations.
- Configure roles and/or catalogs to ignore.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Daily |
| Depends on | |
| Monitoring Parameters | S4PubCriticalAuthRecentDaysBack, S4PubCriticalAuthRecentCatalogIgnore, S4PubCriticalAuthRecentRolesIgnore |
S4PubFailedLogons
This check records the number of failed logons that have occurred within the last hour, compares to the previous hours average over the past week, and alert if the number of failed logons are to high. Additionally, the check can alert for higher than average or higher than an absolute value of failed logons per hour.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubFailedLogonDefaultCrit, S4PubFailedLogonDefaultWarn, S4PubFailedLogonAutoAverage, S4PubFailedLogonAutoCrit, and S4PubFailedLogonAutoWarn |
S4PubFioriAvailability
This check is required to connect Avantra to the S/4HANA Cloud Public Edition login page (for manual login). Additionally it confirms valid redirection to the SAP Cloud Identity Services, checks that a suitable login screen is provided, and records the time taken for redirection in milliseconds.
Monitoring parameters can be configured to alert if login times go above specific thresholds.
If the redirect fails for any reason, the check status is set to Critical with an error message displayed. If an IAS is unavailable, the check status is set to Warning with an error message displayed.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Basic |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubFioriAvailabilityResponseCrit, and S4PubFioriAvailabilityResponseWarn |
S4PubInactiveUsers
This check monitors users who are active, that is not locked and in validity date, but have not logged in recently. The number of days to look back for inactive users is configurable.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubInactiveUsersDaysBack |
S4PubSigningCertValidity
This check verifies certificates that are in the Signing Certificates list in SAP S/4HANA, and will return status alerts for any certificates are are near or past their expiration date.
The check can be configured to ignore expired certificates once they are older than a threshold. It can also be configured to exclude a list of certificates from being monitored.
Signing certificates are found in the Fiori App Communication Systems under SAML 2.0 Identity Provider and SAML Bearer Assertion Provider, and the relevant Communication Systems for each certificate are highlighted in the check result.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Full |
| Depends on | AGENTALIVE |
| Monitoring Parameters | S4PubSigningCertValidityWarn, S4PubSigningCertValidityCrit, S4PubSigningCertValidityIgnore, and S4PubSigningCertValidityExclude |
S4PubWorkload
This check monitors workload metrics so they can be used for analytics. Three sub-results are returned:
- User Logon Activity, as a table. This includes API, human, and failed logons.
- Transaction Start Activity, as a table. This is activity over the last 24 hours.
- Fiori App Start, as a simple table. This is activity over the last 24 hours.
The check can be configured for how you wish to have the results for logons displayed. You can select from:
- A detailed list.
- A summary of unique logons.
- A summary, separated into categories.
This check populates data in the Performance tab.
Reference Data
| Managed System | Cloud Services |
| Check Cycle | Daily |
| Depends on | |
| Monitoring Parameters | S4PubWorkloadLogonOutput |