Reference: Custom Checks

This section contains a reference of all Custom Checks provided by Avantra.

There is some data common for all Custom Check types:

General Properties
Custom Check Type

The type of the Custom Check.

Custom Check Name

A Avantra wide unique name for the Custom Check. The following characters are not allowed: ' (single quote), / (forward slash), \ (backslash), : (colon), * (asterisk), ? (question mark), < (less than), > (greater than), | (pipe)

Custom Check Description

Fill in some text in order to describe the Custom Check.

Customer

Restricts this Custom Check to Systems of the named Customer (and its descendants in case Customers are ordered hierarchically).

In other words, only the Systems of the named Customer (and its descendants) can be selected in the System Selectors.

In case you define a Customer, you need the Permission View Custom Checks / Edit Custom Checks for the named Customer (only).

In case you define no Customer you need the Permission View Custom Checks / Edit Custom Checks for all Customers.

Execution

Optionally, choose an execution cycle. Per default, Custom Checks are run in the Basic Check Cycle of the Avantra Agent (list value RTM). You may enter your own execution cycle, or run the Custom Check in the daily cycle, see Full Check Cycle.

The actual cycle time is always ‘rounded’ up to the next Basic Check Cycle execution time. For instance, if you enter 8 minutes as the cycle time and the Basic Check Cycle is 5 minutes (as per default), the check will be executed every 10 minutes in every 2nd Basic Check Cycle.

There are also a few properties available for most of the Custom Checks but not all:

Specific properties
Service Name to record Availabilities

If you fill in a value the Custom Check records the Service Availability for use in e.g. Service Level Reports.

Report Warning as Available

If Service Availability is recorded a Warning check status is usually considered Down. Set this flag if you want Warning check status considered Up instead.

Run Custom Check on DB Host of SAP System (instead of Central Instance Host)

Set this flag if you want the Custom Check to be executed on the Server hosting the Database instance of the SAP System (instead of on the Server hosting the Central.

This option is only available if you define the Custom Check for one or multiple SAP Systems.

ACTIVE_USERS

Monitor the number of active users of SAP Instances.

Description

This Custom Check allows monitoring the number of active (i.e. logged-in) users of an SAP Instance. It can be used for SAP ABAP and Java instances. This check might be useful as input for cloud management functions.

Configuration
Warning Check Status if active users are more than

Please enter the active user count to be used as the Warning threshold

Critical Check Status if active users are more than

Please enter the active user count to be used as the Critical threshold

CCMS

Get the results from a CCMS MTE (Monitor Tree Element).

Description

You can use this Custom Check to integrate Avantra with the SAP CCMS.

Configuration
Monitor Tree Element

In order to find the appropriate values for this field, log into your SAP System and proceed to transaction RZ20.

You will see a list of CCMS monitor sets. Select SAP CCMS Monitor Templates, and double-click on one of the templates. Proceed to the Monitoring Tree you want to have checked and choose Properties.

Copy the value of the Properties of field in the SAP GUI and paste it into the Monitor Tree Element field in the Avantra UI.

Finally, replace every occurrence of Real SAP SID and the SAP Instance name in the string with the keywords <SID> and <INSTANCE>.

Report CCMS alerts of this MTE to Avantra

If this flag is set the Avantra Agent automatically confirms the CCMS Alerts corresponding to the Monitoring Tree Element and imports them into Avantra where they can be viewed using Avantra UI.

Avantra status is

Choose the check status Avantra is to display in case the SAP status is either unknown or invalid.

CCMS_MONSET

Get the results from a CCMS Monitor Tree.

Description

You can use this Custom Check to integrate Avantra with the SAP CCMS. You may use this Custom Check if you want to integrate a whole Monitor Tree instead of only a Monitoring Tree Element (as in the CCMS Custom Check).

Please be aware that defining a CCMS_MONSET Custom Check actually may create a very large number of single Checks, depending on the number of MTEs comprising the corresponding Monitor. Defining such a Custom Check on many Systems might decrease the overall performance and stability of the Avantra monitoring environment.

You may set monitoring parameter CCMSMonsetMTEMaxCount if you want to limit the number of checks being read from a Monitor tree.

Configuration
Monitor Set Name

Define the name of the Monitoring Set containing the Monitor you want to integrate into Avantra.

Monitor Tree

Define the name of the Monitor in Monitor Name. Avantra includes all MTE objects attributes (i.e. the leaves of the CCMS monitor tree) of the given monitor.

Report CCMS alerts of MTEs to Avantra

If this flag is set the Avantra Agent automatically confirms the CCMS Alerts corresponding to the Monitoring Tree Elements and imports them into Avantra where they can be viewed using the Avantra UI.

Avantra status is

Choose the check status Avantra is to display in case the SAP status is either unknown or invalid.

DISK_IO

Checks IO on given file systems for the amount of IO reads/writes and IO throughput per second.

Description

Use this custom check to monitor disk IO values on given file systems.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers

Depends on

AGENTALIVE

Configuration
Time window to measure

Define the amount of time used to calculate the I/O throughput average values. The higher the time you specify, the better occasional peaks will be “flattened”, i.e. may less frequently cause Warning or Critical check status.

The default value is set to 10 minutes, which is a reasonable setting. Together with the default cycle time of 5 minutes, the check result is updated every 5 minutes and will always use data of the last two check cycles.

Please note that values that are not multiples of the check cycle are rounded to the nearest multiple of the check cycle value.

File Systems

Define the file systems you want this Custom Check to monitor. You may use * as a file system to make a single entry for all file filesystems. If you make multiple specifications and a file system matches the same, the threshold values are merged together for each file system and the lowest of each will be the effective one.

You may, for instance, define generic thresholds using a file system *. Then you might want to use lower thresholds for a special file system, e.g. /database.

FILE_EXISTS

Check if a certain file exists.

Description

The Avantra Agent checks if a given file exists. You can define the check status to report in case the file does or does not exist, e.g. an Ok if the file exists and a Critical otherwise.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Check File

Define the absolute path name of the file monitored in this field. File name substitution is provided in case wildcard characters (like * or ?) are used.

For the sake of stability and sanity of the monitoring process wildcards are only allowed to be used in the file name part of the Check File Definition, but not in the directory part. If you want to check for the existence of multiple files in separate directories, you may use the RUN_PROG Custom Check and tools like find (on Unix-like operating systems) or dir /s (on Microsoft Windows operating systems).

Check Status if File Exists

Define the check status to be returned if the file exists.

Else

Define the check status to be returned if the file does not exist.

FILE_UPTODATE

Check if a certain file is reasonably new.

Description

The Avantra Agent checks if a given file exists. If not, the check status is set to Critical. If it exists the file’s last modification time is verified. You can define Warning and Critical thresholds.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Check File

Define the absolute path name of the file monitored in this field. File name substitution is provided in case wildcard characters (like * or ?) are used.

For the sake of stability and sanity of the monitoring process wildcards are only allowed to be used in the file name part of the Check File Definition, but not in the directory part. If you want to check for the existence of multiple files in separate directories, you may use the RUN_PROG Custom Check and tools like find (on Unix-like operating systems) or dir /s (on Microsoft Windows operating systems).

Warning Alert if File is older than

Define the Warning threshold.

Critical Alert if File is older than

Define a Critical threshold.

FILE_CONTENT

Use the content of a text file as Check Result.

Description

The Avantra Agent checks if a given file exists. If not, the check status is set to Critical. If it exists the file’s last modification time is verified and can define a Critical threshold.

If the file is reasonably new, the content of the file is read. The first line must contain the keywords UNKNOWN, OK, WARNING, CRITICAL, or the corresponding numerical values -1, 0, 1, 2. This value is returned as check status.

The remaining lines of the file form the check message.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Check File

Define the absolute path name of the file monitored in this field. File name substitution is provided in case wildcard characters (like * or ?) are used.

For the sake of stability and sanity of the monitoring process wildcards are only allowed to be used in the file name part of the Check File Definition, but not in the directory part. If you want to check for the existence of multiple files in separate directories, you may use the RUN_PROG Custom Check and tools like find (on Unix-like operating systems) or dir /s (on Microsoft Windows operating systems).

Critical Alert if File is older than

Define a Critical threshold.

FILESYSTEM

Monitor individual file systems specifically.

Description

This check works exactly the same as the static Check FILESYSTEMS but checks only the specified file systems. This custom check is intended for users, who want to check certain file systems independently from others, e.g. to provide individual notifications to owners of a particular file system.

This custom check type is not intended to replace the native FILESYSTEMS check. However, differently from the native check, it can be applied to all types of monitored objects, e.g. SAP Instances and SAP Systems.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
File System

Specify the file systems to be included. Wildcards * and ? are supported.

Usage

Specify the thresholds, see as well FSUsageWarn and FSUsageWarn. For Unix, you can as well define thresholds for the inodes, see FSNodeWarn and FSNodeCrit.

Nodes

Specify the thresholds for monitoring the inodes on Unix, see as well FSNodeWarn and FSNodeCrit.

HTTP_RESPONSE

Verify if websites can be accessed.

Description

The HTTP_RESPONSE Custom Check allows you to:

  • verify if a certain website is reachable (i.e. if a certain URL can be accessed and an HTTP 200 OK response is returned),

  • measure web page response times against Warning and Critical thresholds,

  • verify if the retrieved web page contains a certain content.

The HTTP_RESPONSE Custom Check supports the following HTTP/1.1 methods:

HEAD

Performs an HTTP HEAD request, i.e. only the header of the response will be retrieved.

This is usually sufficient if you only want to know if there is any response for a given URL

GET

Performs an HTTP GET request. Basic Authentication is supported as well

POST

Performs an HTTP POST request. HTML Form data can be provided URL-encoded

The HTTP_RESPONSE Custom Check also supports the HTTPS protocol scheme (more exactly: HTTP over TLS).

In case the {avantra-agent} cannot connect to the site, or the site returns a status code different from the 200 OK response, the Check turns to Warning until the number of failed consecutive connection attempts reaches the value defined in _Status turns to CRITICAL after n successive connection failures. Afterwards, the Check turns to Critical.

If the site returns a 200 OK response and there is a value defined in Content must contain string, the {avantra-agent} verifies if the defined string is contained in the HTTP response. If so, the Check returns the check status defined in _Check status if the string is found otherwise the {Check} turns to the value defined in _Check status if the string is not found.

If there are response time thresholds defined in the fields Warning alert if response time exceeds and Critical alert if response time exceeds, the response time of the site is compared to these values and the Check returns a corresponding Ok, Warning, or Critical check status.

You can also check if the SSL certificate for the server is valid and generate a {Warning} or Critical check status if it is about to expire. Of course, this works only if you use HTTPS in the _URL.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
URL

The URL of the site you want to verify.

Evaluate JavaScript

Set this flag if you want to interpret JavaScript eventually returned with the response.

Only set this flag if you really require JavaScript evaluation. It may be expensive in terms of execution time and memory usage.
Proxy URL

If you need to define a proxy server in order to access the site defined in the URL field you may fill in this value.

User Agent String

By default, the Avantra Agent uses the string agent/[version] in order to identify as a user agent. Some web servers may restrict access to certain browsers, like the Microsoft Internet Explorer or Mozilla Firefox, or they behave differently using one of these browsers.

If you experience problems with pages you can open with your browser, but an HTTP_RESPONSE Custom Check returns e.g. an HTTP Server Error 5xx code, you may try to set a different value for the user agent in this field. For more information about user agent strings, visit this site: http://user-agent-string.info/.

Method

Choose HEAD or GET or POST.

Basic Authentication Credentials

In case you have chosen GET in the Method field you may fill in a user name and a password in this field if Basic Authentication is required by the requested URL.

Post Form Data

In case you have chosen POST in the Method field, you have to fill in the form data in URL-encoded format.

Time Out

You may define a value for the connection timeout. The default is 10 seconds. Please note: This is a timeout for the sub-process spawned to perform the connection attempt. The timeout for the HTTP request itself will always be 80% of the defined value.

Status turns to CRITICAL after n successive connection failures

If filled with a value > 1, all consecutive failed connection attempts will return a Warning check status until the threshold is exceeded. The Check turns to Critical afterwards.

Content must contain string

You can filter the response for one or multiple strings by filling in data in this field.

If you fill in multiple strings (separated by blanks), they are treated like combined by a Logical OR, i.e. it is sufficient if one of the strings is found in the result. Therefore, in order to search for a string containing blanks, use the wildcard * instead of the blank. The same must be used to require multiple strings (in that order) to be contained in the result.

The HTTP header is also considered part of the result, so this option is also available for the HEAD method, although of limited use.

You can define the {check-status} returned in case the string is or is not found using the fields _Check status if the string is found and Check status if the string is not found.

Check status if the string is not found

If there is a value defined in the Content must contain string and the string is not found in the response, this check status is returned.

Check status if the string is found

If there is a value defined in the Content must contain string and the string is found in the response, this check status is returned.

Warning alert if response time exceeds

Fill in a Warning threshold for the response time.

Critical alert if response time exceeds

Fill in a Critical threshold for the response time.

Warning Status if SSL certificate expires within

Fill in a Warning threshold if the check shall verify SSL certificate expiry time.

Warning Status if SSL certificate expires within

Fill in a Critical threshold if the check shall verify SSL certificate expiry time.

Status if SSL certificate is invalid

Select the check status to return in case an SSL certificate is invalid.

J2EE_COMPONENT_STATUS

Check the status of NetWeaver Applications and Services with Avantra.

Description

The J2EE_COMPONENT_STATUS Custom Check allows you to check the status of arbitrary SAP Netweaver Applications and Services and map the findings to an Avantra check status.

With this check, you can check for the status of a single component, a set of components, or all components.

This Check is only supported for SAP Web Application Server Java 7.11 or higher. Additionally, SAPControl access must be configured for the corresponding SAP System.

Configuration
Component Type

This parameter defines the component type the mapping shall be applied to.

  • Application: Only Application components are mapped.

  • Service: Only Service components are mapped.

  • *: All types of components are mapped.

Name Pattern

Specify the Name Pattern for the components to be mapped. You may enter an exact name, a name with wildcards (? for a single-character wildcard, * for a multiple-character wildcard), or a regex. For a regex, you’ll have to provide '/' at the beginning and at the end of the expression. Regex mapping will always be case insensitive.

Status List

Specify a list of status names to be mapped, separated by commas. The status names correspond directly to the data retrieved from the SAP Control interface, usually, the following status names are available: running, stopped, failed, starting, stopping.

You may leave the field blank or enter an asterisk ('*') to map all statuses. This can be used to check for the presence of a component.

If Matches

Select the sub Status for the entry if the mapping matches.

The worst status found will define the overall check result.

Else

Select the sub Status for the entry if the mapping doesn’t match.

The worst status found will define the overall check result.

J2EE_JMX_MON

Integrate SAP Java Monitor MBean with Avantra

Description

This Custom Check enables you to access monitor objects in the Monitor Tree of your SAP WebAS Java in a very flexible manner.

By simply specifying the path of a Monitor Name in the Monitor Tree, you can access any of its monitor values. The check supports comparisons of the monitor values against selectable thresholds, so there is no need to alter the monitor thresholds in the Monitor Tree.

With this check, you can access monitoring data from any monitor object (JMX Monitor MBean in Java speak) you are interested in. If an application running on SAP WebAS Java features Monitor MBeans, you will be able to integrate associated checks easily in Avantra using this Custom Check.

This Check is only supported for SAP Web Application Server Java 6.40 or higher.
Configuration
MBean path

This path defines the Monitor MBean you want to access. Use one of the following methods to retrieve the Monitor MBean path:

  • Open the SAP NetWeaver Administrator, choose Java System Reports, and select Monitor Browser from the Report field. In the Monitoring Tree, choose the monitor in question.

  • Start the Visual Administrator, select the Services branch on the cluster and node your target Monitor MBean resides on, and click on the Monitoring service entry. In the tree choose the monitor in question.

    The following placeholders are supported: <SID>,<sid>,<Sid>: Real SAP SID; all uppercase, all lowercase, unmodified <HOST>,<host>,<Host>: Hostname of the hosting Server without domain; all uppercase, all lowercase, unmodified <HOSTDOMAIN>,<hostdomain>,<Hostdomain>: Hostname of the hosting Server with domain; all uppercase, all lowercase, unmodified <DBTYPE>,<dbtype>,<Dbtype>: Database Type (ADA, ORA, etc.); all uppercase, all lowercase, unmodified.

If you specify the placeholder names in uppercase letters, the replacement string will be transformed to uppercase. If you specify them in lowercase letters, the replacement string will correspondingly be transformed to lowercase. Finally, if you specify the macro name with the first letter capitalized, the replacement string will remain as provided by the system.

Node type

Specify the node type this check should be applied to. There are many MBeans with the same path for server and dispatcher nodes, but some MBeans exist only for server nodes and vice-versa. There are even MBeans that exist for both node types but are registered under a different path (like for example /Services/Memory Info/UsedMemory on a dispatcher node and /Services/Memory/UsedMemory on a server node).

The {Check} will be applied to each node that matches your _Node type selection, i.e. if an affected SAP Instance contains a dispatcher node and two server nodes, and you choose Both, the check will be executed once for each of those nodes.

Monitor Type

Select the monitor type. In the Visual Administrator, you can find this value in the Type field of the Monitor Configuration dialog window for the selected monitor object. Apparently, there is no equivalent information in the SAP NetWeaver Administrator, so you probably have to perform educated guessing based on the information provided in the Value field.

Monitor Value

The available options for this field depend on the value selected in Monitor Type. Choose the one of your interest. There are some special cases if the selected value in Monitor Type is Table Monitor or Configuration Monitor.

  • If the selected Monitor Type is a Configuration Monitor, you must specify the configuration table cell where the value of interest resides.

    This is done by specifying the matching Row Label as found in the first column of the configuration table, and the matching Column starting from 0 (0 corresponds to the label column). Usually, the wanted column will be the one with the number 1.

  • If the selected Monitor Type is a Table Monitor, you must specify the table cell where the value of interest can be found. This can be done in two ways:

    • Select labeled cell content to choose the cell of interest analogous to the row label/column number scheme for Configuration Monitors.

    • Select row/column cell content to indicate a row and column number for the target cell and fill in Row and Column.

Row Label

See the description of Monitor Value.

Row

See the description of Monitor Value.

Column

See the description of Monitor Value.

WARNING threshold

Specify a Warning threshold and the desired comparison operator.

A value that matches the resulting condition will issue a Warning Check Result if the condition is fulfilled and a Critical condition is not fulfilled.

CRITICAL threshold

Specify a Critical threshold and the desired comparison operator.

A value that matches the resulting condition will issue a {Critical} Check Result regardless of the _WARNING threshold.

Avantra status is

Choose the check status Avantra is to display in case the SAP status is either unknown or invalid.

JMX_APP_SERVER

Monitor generic Java application server providing JMX (Java Management Extensions) interface.

Description

The JMX_APP_SERVER Custom Check enables you to monitor generic Java application servers which provide a JMX interface that can be accessed via TCP/IP. Common examples are Apache Tomcat, JBoss, Websphere, GlassFish.

Due to its generic nature, this Custom Check requires some configuration, but it can monitor almost any data you like, for example, heap memory usage or threads pool usage. First of all, you need to enable remote access to the JMX interface of your application server. For Apache Tomcat, for example, the easiest way is to add it to the environment.

Example 1. Enabling JMX for Apache Tomcat

Add the line

set "CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8123
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"

to Tomcat’s setenv.sh/bat file and restart the application server.

Once you have enabled remote access to JMX you need to get the object name, attributes, etc. you want to monitor. To do this, you can use the jconsole tool (Java Monitoring & Management Console) provided by the SDK. This tool shows you all the MBeans you can access. Please make sure that you use the remote port to access JMX, like the Avantra Agent does, instead of connecting to the local process.

Please note that Avantra support cannot assist you in how to enable JMX on our application server, or which MBeans you should monitor.
Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Host

Hostname or IP address of the JMX application server. If the agent runs on the same host you might use localhost as hostname. Please make sure, that your application server is bound to the hostname or IP address you specify here.

Port

The TCP/IP port of the application server’s JMX remote access.

User

Name of the user in case required by the remote JMX access.

Password

Password corresponding to User in case required by the remote JMX access.

Object Name

Object Name of the MBean to be monitored. We recommend that you copy this value from jconsole and paste it here.

Attribute

The attribute to be monitored of the MBean with Object Name above. Again we recommend that you paste it here.

MBean Attribute Evaluation

The expression defines how to calculate a value to be monitored - based on the attributes or Composite Data attribute values. Supported are basic calculations (+ - / *), but no paratheses.

WARNING Threshold

Specify a Warning condition and a threshold for the MBean Attribute Evaluation

A value that matches the condition will issue a Warning Check Result if the condition is fulfilled and a Critical condition is not fulfilled.

CRITICAL Threshold

Specify a Critical condition and a threshold for the MBean Attribute Evaluation

A value that matches the condition will issue a Critical Check Result.

Message

Specify the custom check result message. If you leave this field blank, a standard message giving the result of the MBean Attribute Evaluation will be displayed.

If you want to display a more human-readable result message, type your desired message and use $1 as a placeholder for the MBean Attribute Evaluation result.

LOG_ADAPTER

Monitor textual log files and the Microsoft Windows EventLog.

Description

This Custom Check allows you to monitor textual log files as well as Microsoft Windows EventLogs. It is based on pre-defined or self-defined Log Adapters, which provide log entries of arbitrary log sources as an array of standardized sets of key-value pairs.

Using those key-value pairs as Macros in conditional Expressions, the LOG_ADAPTER Custom Check allows you to define conditions to trigger Check Results.

The LOG_ADAPTER Custom Check supports logs spread over multiple log files as well as cyclic log files.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Log Adapter Type

The type of a Log Adapter.

Log Adapter

Select your desired Log Adapter. As soon as you have selected a Log Adapter, the available Macros are loaded and the Expression Editors in various fields are initialized.

A click on the icon provides additional data about the Macros provided by the selected Log Adapter.

Log File Path Pattern

If you have selected File Adapter in Log Adapter Type you have to fill in this value, which indicates the path and file name of the target log files.

The LOG_ADAPTER Custom Check supports logs spread over multiple log files as well as cyclic log files. In order to identify the log files belonging to a scenario, the LOG_ADAPTER Custom Check features a flexible log file path pattern interpreter.

In order to best use the log adapter, you must understand how log files are written by your application.

Typical applications write log files until a specific size is reached and then start writing to a new log file. What happens to the old log file depends on your application and is not standardized. Most applications write log files with one of the following procedures. Use the corresponding values for the Log File Path Pattern.

The current log file where the application writes into it has always the same and unique name. When this file reaches the size limit, the log file is renamed (or moved) and gets a new name. The new name typically contains an ascending number or a timestamp to uniquely identify this file. After that, a new file is created with the same name again and the application writes into the new log file.

Define the Log File Path with the exact name of the log file. Do not use wildcards. Do NOT define the Archived Log File Path. Avantra finds old (or rotated) files with the unique file id (inode).

The current log file where the application writes into has a unique name. When the log file reaches the size limit, a new log file is created with a new unique name and the application writes into the new log file. The old log file is not touched anymore. With this approach, each log file has a unique name which is typically an ascending number or a timestamp. Since the file name is not known in advance, you must use wildcards to identify this file (see below).

Define the Log File Path using wildcards to identify the file. Define the path as exact as possible. If old files have a different name pattern, define also the Archived Log File Path (with wildcards).

Similar to the first. but the log file is not renamed (or moved) but copied to a new file (or new location). A new file is created with the same name and the application starts to write into the new file. When a file is copied it gets a new name and a new file id (inodes).

Define the Log File Path with the name of the file. You can use wildcards if necessary. You must also define Archived Log File Path to find the old file. Use wildcards if necessary. Please make sure that the path defined in Log File Path does not match rotated files and the path defined in Archived Log File Path does not match the current file.

Your application does not have a limit to the log file size. It always writes to the same log file. (If the log file is getting too big, this is another issue that is not covered in LOG_ADAPTER).

Define the Log File Path with the exact name of the log file. You can use wildcards if necessary.

If you do not know exactly how your application writes log files, perform the following:

  • Define the Log File Path with the name of the file. You can use wildcards if necessary.

  • Also, define the Archived Log File Path with the name of the archived file. You can use wildcards if necessary.

You may use the following utilities and shortcuts to define general file patterns:

  • Use the to view and insert available Custom Check Macros to generalize your path pattern for different system environments.

  • Use wildcard characters for single (?) and multiple (\*) characters to match multiple log file names. These wildcard characters are only supported in the file names, not in the directory parts.

  • If you use wildcards, the LOG_ADAPTER Custom Check will determine the latest file matching the wildcards in every read operation. It will only monitor this single file. If your wildcard definition matches multiple files that are not written in chronological order, the LOG_ADAPTER Custom Check may read data from different files over time, depending on which file was updated last. The result is most likely not what you expect, and the check will return a Warning`Context lost`Check Result from time to time.

  • Use the slash key (/) instead of backslash (\) as file separator on Microsoft Windows and Unix operating systems for platform-independent path definitions.

Archived Log File Path

See Log File Path Pattern.

Log Adapter Processing

This setting defines which entries of the log files are to be processed. Log entries written since last check cycle processes all log entries that have been added after the last read of the file. Log entries written in last x minutes reads all entries that have been added during the past Log Entry Timespan minutes.

Using Log entries written in last x minutes requires that you have defined a Log Adapter that contains timestamps in a way that the Avantra Agent is able to read and understand. If your log file does not provide reasonable timestamp information, choose Log entries written since last check cycle instead.

This parameter, together with the execution cycle, has a direct impact on the duration a LOG_ADAPTER Custom Check alert is visible in the RealTime Monitoring. The time you indicate in Check Result is visible in the RealTime Monitoring.

When you select Log entries written since last check cycle, the alert will be visible for Log entries written since last check cycle * execution cycle minutes.

Log Entry Timespan

Fill in the period of time the {avantra-agent} should look back while processing the log file if Log entries written in last x minutes is selected in _Log Adapter Processing>.

Warning Condition

Define a conditional expression that indicates log entries considered as Warning.

Critical Condition

Define a conditional expression that indicates log entries considered as Critical.

A Critical match will override Warning matches in terms of the check status. The check message will also be overridden unless you select All matching log entries in Create Message For.

Match Counter Threshold

In the Warning Trigger section, this value defines how many entries must be matched to the condition before the check status will be set as Warning. I.e. if there are only 2 entries matching and this value is set to 3, then the check status will be OK. If there are 3 or more entries matching, then the check status will be set as Warning.

In the Critical Trigger section, this value defines how many entries must be matched to the condition before the check status will be set as Critical. I.e. if there are only 2 entries matching and this value is set to 3, then the check status will be OK. If there are 3 or more entries matching, then the check status will be set as Critical.

Resolution Condition

Define a conditional expression that indicates log entries that resolve issues found using Warning Condition or Critical Condition.

Create Message For

You can specify the format of the check message shown in RealTime Monitoring or used in Notifications.

The message format has a static header that indicates which and how many of the trigger conditions have matched, followed by optional information on the matching log entries.

You may choose between the listed formats. For the detailed layout of the display of log entries, see also Message Format.

No log entry

No details of matched log entries are shown.

First matching log entry

Details of the first matching log entry are shown.

Last matching log entry

Details of the last matching log entry are shown.

All matching log entries

Details of all matching log entries are shown.

Message Format

Define the display of a matched log entry in the check message. You may enter arbitrary text tokens in the field, and you may use all Macros available for the selected Log Adapter (using the icon) to build a meaningful description text.

NETWORK_IO

Checks IO on given network interfaces for send and receive throughput, errors, utilization

Description

Use this custom check to monitor network IO on given network interfaces.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers

Depends on

AGENTALIVE

Configuration
Time window to measure

Define the amount of time used to calculate the I/O throughput average values. The higher the time you specify, the better occasional peaks will be "flattened", i.e. may less frequently cause Warning or Critical check status.

The default value is set to 10 minutes, which is a reasonable setting. Together with the default cycle time of 5 minutes, the check result is updated every 5 minutes and will always use data of the last two check cycles. Please note that values which are not multiples of the check cycle are rounded to the nearest multiple of the check cycle value.

Network Interfaces

Define the network interfaces you want to monitor. You may use * as network interface name to make a single entry for all network interfaces. * is a good value for an initial setup, because all network interfaces are then displayed in the check results table including description (if available) and IP address.

If you make multiple specifications and an interface matches the same, the threshold values are merged together for each interface and the lowest of each will be the effective one.

You may, for instance, define generic thresholds using a network interface *. Then you might want to use lower thresholds for a special interface, e.g. eth4.

NW_RESPONSE

Monitor availability and response time of remote hosts.

Description

This Custom Check sends a configurable number of ICMP echo request packets to a given host, receives the ICMP echo replies, and calculates packet loss as well as packet round-trip-time, i.e. the check virtually does what the ping operating system command does.

You have the option to define packet loss thresholds; if there is no packet loss, the network round-trip-time can be compared to corresponding response time thresholds in order to generate Warning or Critical Check Results.

It is characteristic of the ICMP protocol to require administrative permissions in order to generate ICMP echo requests. On Microsoft Windows operating systems the permissions the Avantra Agent runs with (as a service) are usually sufficient. On Unix-like operating systems the Avantra Agent would need to run as user root to execute the NW_RESPONSE Custom Check. This is generally not recommended. If you want to use this feature, it is recommended to run it on a Microsoft Windows host.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Host Name or IP Address

Fill in the host name or the IP address of the remote host.

Packet Loss Warning Threshold

Define a Warning threshold for packet loss.

Packet Loss Critical Threshold

Define a Critical threshold for packet loss.

Average RTT Warning Threshold

Define a Warning threshold for the average round-trip time.

Average RTT Warning Threshold

Define a Critical threshold for the average round-trip time.

Timeout

Define a time out for the Check. The check status will be Critical if the time out is exceeded.

Number of Packets

Define the number of ICMP packets to send per Check

Packet Size

Define the size of ICMP echo request packets

PARAMETER_VALUES

Verify SAP instance profile parameters, Java system property values, or database parameters.

Description

This Custom Check allows you to verify the actual value of an SAP instance profile parameter, a Java system property (properties of Services and Managers), or a database parameter against a given value. For example, it might be required that some parameters have a certain setting for security or compliance reasons, so you might want to monitor this.

To be able to check profile parameters of non-ABAP SAP Instances, the SAPControl user must be maintained. See Defining the SAPControl User on how to do this.

To check SAP profile parameters, you must select SAP Instances.

For database parameters, you can choose between Database for standalone database or SAP Systems for underlying database.

The check result depends on the setting of If value does not match alert as. If multiple parameters are checked, the worst status of all will be the total status of the check.

Configuration
Type of System Configuration

The type of system configuration to be verified, either Profile Parameter for parameters found in an SAP instance profile, or Java Service Property for parameters of Services and Managers found in the section Java System Properties of the SAP NetWeaver Administrator.

For SAP Systems or Databases, there is only one option Database Parameter.

Parameter Name

The name of the profile parameter, you want to verify the value of. Examples in the security area of an ABAP instance are login/no_automatic_user_sapstar or in the compliance area rec/client.

Java system properties are also specified in one string and follow the syntax Service Component Name/Property. For properties of Managers, you simply replace the Service Component Name with the name of the manager. Examples in the security area of a Java instance are com.sap.security.core.ume.service/ume.logon.security_policy.password_min_length or SessionManager/session.invalidation.timeout.

For database parameters of a DB2 database, you must prepend DBM. for the parameters of the database manager, and SID. for parameters of the database itself.

To specify the database parameters of a HANA database, parameter names are combined using the scheme section.key, e.g. persistance.trace. Furthermore, you can query for parameters of a certain host by using the host keyword, e.g. host=thehanahost;persistance.trace. You can also query the parameters by the file, the layer or by the tenant. Examples: file=global.ini;persistance.trace, layer=SYSTEM;persistance.trace or tenant=xy;persistance.trace.

Operator

The operator used to compare the actual value against the given value. You can choose from a variety of text and numerical operators, a between operator, and regular expressions. If you use numerical operators, the given value and the actual value will be checked if they look like a number. A wide range of numerical notations is supported, integers, floating point, scientific. The between operator will evaluate to true, when the actual value is inclusively between the two given values.

Example 2. Example for rsau/enable

The parameter rsau/enable may have the following values: TRUE, FALSE, 0, 1, ON, OFF, YES, NO, which are not case-sensitive.

In order to verify if Security Audit is enabled, you would configure:

Parameter Name

rsau/enable

Operator

=~ (regex)

Parameter Value

|^TRUE$|^1$|^ON$|^YES$/i

Parameter Value

The given value of the profile parameter, i.e. the value the monitoring parameter should have. This value will be compared against the actual value. The actual value is retrieved by RFC using a kernel function, so no matter if it is defined in the default or instance profile, the actual effective value will be used.

You can specify SAP profile-specific placeholders, e.g. $(SAPGLOBALHOST). The agent will replace them with the actual value prior to the comparison with the actual value of the Parameter Name. This way the scope of one custom check definition can be used for more than one system.

Tag

Free text field to add a custom reference which will appear in the check output. This might be useful in Service Level Reports to document a certain paragraph or the like.

If value does not match alert as

Select the status, in case the parameter actual value does not match the given value, either Warning or Critical.

If parameter does not exist alert as

Select the status, in case the parameter actual value does not exist, either Ok, Warning or Critical.

If values is null alert as

Select the status, in case the parameter actual value is the null value, either Ok, Warning, or Critical.

PROCESS

Watch if processes are running.

Description

This Custom Check can monitor whether or not a configurable number of processes sharing the same process name are running.

The Check is available on Unix-like operating systems and on Microsoft Windows operating systems. However, it might more useful on a Unix host.

You can define minimum and maximum Warning and Critical thresholds for the number of instances of the process in question.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Process Name

Enter the name of the process you want to monitor.

  • On Unix-like operating systems, fill in the process’ simple command name, i.e. the process’ executable name without any arguments. The simple command name is the value displayed by the -o comm option in the POSIX version of the ps command. See also man ps on your system.

  • Also, on Unix-like operating systems, if a simple command name is not sufficient (like in Java applications), you can also define a name to match (a substring of) the process’ command line call. The command line call is the value displayed by the -o args option in the POSIX version of the ps command. See also man ps on your system. Please note that this value may be limited to 256 characters on some systems.

    If you prefer this option, make sure you set the flag Match process name in process table…​.

  • On Microsoft Windows operating systems enter the process name (as shown in the Processes tab of the Task Manager), but without the trailing .exe.

Critical alert if number of processes is lower than

If the number of running processes falls below this threshold, a Critical check status is returned.

Warning alert if number of processes is lower than

If the number of running processes falls below this value, but does not exceed the value defined in Critical alert if number of processes is lower than, a Warning check status is returned.

If the field is left blank, no Warning check status is returned at all.

If the value in this field is less than the one defined in Critical alert if number of processes is lower than, the latter value will be ignored. This method can be used to receive only Warning but no Critical Check Results.

Warning alert if number of processes is higher than

If the number of running processes exceeds this threshold, but is still below the value defined in Critical alert if number of processes is higher than, a Warning check status is returned.

If the field is left blank, no Warning Check Results are returned at all.

If the value in this field is higher than the one defined in Critical alert if number of processes is higher than, the latter value will be ignored. This method can be used to receive only Warning but no Critical Check Results.

Critical alert if number of processes is higher than

If the number of running processes exceeds this threshold, a Critical check status is returned. If the field is left blank, no Critical Check Results will be returned.

RUN_JS

Run a script and evaluate SAP RFC functions, database queries, OS commands, or Cloud Services.

Description

RUN_JS is a very powerful Custom Check type, which combines several different ways to retrieve data and evaluate the results using JavaScript. RUN_JS can easily access ready-to-use objects, for example, established RFC connections to SAP ABAP systems, established database connections, an OS object to run commands, or make HTTP requests to Cloud Services. This custom check type can be used to generate comprehensive check results, including sortable tables, that can even combine different sources of data retrieval.

run js concept

The RUN_JS custom check is a very powerful tool. Data retrieval by RFC, SQL, OS, or HTTP is executed using the permissions you have provided for the corresponding user. You can gain access to sensitive data if RFC, database, or OS user permissions are not restricted. Use this custom check at your own risk. Avantra shall not be liable for any direct, indirect, special, incidental, or consequential damages arising from the use of this custom check. Nor can we provide any support for designing data retrieval and writing evaluation scripts.

The RUN_JS custom check supports ECMAScript 2019 for Avantra Agents 20.11 and higher and ECMAScript 5.1 for older versions.

Starting with Avantra 20.11.5, this custom check type depends on the global Avantra Master setting Security.EnableOSCodeExec.

The check evaluation logic is provided by a (usually small) JavaScript program. This script can access objects which are provided by the Avantra Agent, so the programmer can focus on the check logic and not worry about establishing connections, etc.

To script the evaluation logic, users of this check type need to be familiar with the built-in variables and API to use them, as described in section JavaScript based Custom Check API below.

The RUN_JS custom check can be created for any monitored object type, however, certain built-in variables are only available in the context of the corresponding system type, i. e. an RFC connection to an ABAP system is only available in the context of SAP systems and SAP instances.

Apart from the examples provided in the JavaScript based Custom Check API below, see also solution document RUN_JS Custom Check Examples, which contains ready-to-use examples for download.

You need a Java Virtual Machine 1.8.0_65 or higher in order to make use of all functions of this Check.
Configuration
Script

The JavaScript program providing the check data retrieval and evaluation logic. See section JavaScript based Custom Check API.

Report Execution Time

If this option is enabled, the time to run the script is appended to the check result text. This might be useful to check if the performance of a script is good.

Execute Test Run

Starting with Avantra Version 21.11, you can run tests for newly created RUN_JS checks on the selected Agent directly from the Avantra UI. This feature does not require saving or activating the check, i.e. it can be tested before affecting the execution of the check on other systems.

To test your check code:

After modifying your script in the Script field, click the Execute test run button under the check name at the top of the dialogue box. Select one or multiple system to test the check on and click the Test button to run your script directly on those selected systems.

Although this is a testing tool, the script will execute on the systems in the same way it does in a real check execution. If the check has any side effects then these will also happen in test mode.

This feature can be disabled by the Security.RUNJSEnableTestExecution setting in your Avantra Server.

RUN_PROG

Integrate your own monitoring scripts or programs into Avantra

Description

The RUN_PROG Custom Check allows you to integrate your own monitoring scripts or programs into Avantra.

While you define a RUN_PROG Custom Check, you may upload your script or program to the Avantra Database. It is transferred to the Avantra Agent together with the agent configuration.

The Avantra Agent executes the program during the Basic Check Cycle, the exit state of the program is considered as check status, while the program output is used as the check message. Optionally, you can configure the RUN_PROG Custom Check to find and collect performance data in the program output.

There are two options for this Custom Check: you can either simply execute a script or program that is already installed on the target System (more exactly: on the hosting Server), such as an operating system command. Or, what you probably want in most cases, is to store the script/program in the Avantra Database and deploy and run it on the target Systems. In the latter case, the program is transferred to the Avantra Agent, saved to the local filesystem, and executed from there. It is also verified prior to each execution that the script/program on the local filesystem has not been altered. Otherwise, it will be replaced by the version stored in the Avantra Database.

Starting with Avantra 20.11.5, this custom check type depends on the global Avantra Master setting Security.EnableOSCodeExec.

Once the Custom Check is deleted, the program is removed from the filesystem (if Delete program after check deletion is set). Before we start describing how to set up and use the RUN_PROG Custom Check, we would like to highlight some important facts:

  • Scripts/programs must not be too large. 50 to 60 KB (compressed size) will be ok (which in fact can be a very comprehensive script).

    Please note that the program is attached to the System's configuration, so it is transferred over the network whenever the configuration changes. If you desire to execute larger programs, you can deploy the programs yourself to the target Systems and configure this Check accordingly.

  • Only single scripts/programs can be transferred, there is no pack/unpack mechanism for multiple scripts/programs. You may work around this in the same way as described in the previous item.

  • It is recommended to avoid blanks in the Custom Check name as well as in the script/program name. While the Avantra Agent does its best to cope with blanks, you need to provide proper quoting in the command line definition. Avoiding blanks makes the definition easier and more robust. (The Custom Check name by default will be used as the name of the directory the script/program is stored into.)

  • The script/program is executed in the security context of the Avantra Agent, i.e. on Unix-like operating systems, it is running with the permissions of the user running the Avantra Agent, on Microsoft Windows operating systems it is running as LocalSystem user, unless you have changed the service’s Log on properties.

  • Please observe the following coding guidelines for scripts/programs:

    1. Keep the output message short. One or two lines (80 characters each) shall suffice.

    2. Return a proper exit state: 0 will create an Ok Check Result, 1 a Warning, and 2 or higher a Critical Check Result.

      If you want the Check to return an Unknown check status, use the same exit code you define in Exit code for Unknown check status. You may use the Unknown return code if the program has not been called properly, or if your program is not able to determine the check result.

    3. If you execute system commands, always use the full path, or use an internal PATH variable in your scripts in order to be sure all commands can be executed! This is especially important if scripts are deployed on several different platforms.

    4. If you use temporary files, make sure you clean them up properly!

    5. The script/program typically should not run longer than 10 seconds. It is recommended that the script/program itself takes care to exit properly if a runtime threshold is exceeded. Otherwise, Avantra Agent will stop the program after the number of seconds defined in the Timeout field. Using timeouts is important especially when the script/program accesses network resources.

    6. Keep your scripts/programs small! Small programs are transferred faster to the Avantra Agent and probably execute more quickly! If you need to execute longer running programs, consider using the FILE_CONTENT Custom Check.

Once you have deployed the script or program you have also the option to remove it again. Use the Delete Program From Database button.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Program executable name

This field is no longer needed. However, it is still used if available from older definitions.

Command line call

Define the full command line call to be executed by the Avantra Agent. It is recommended to use absolute path names whenever possible.

Example 3. Example for Run Program Custom Check Command Line Call Definition
/bin/sh "%%PROG_DIR%%/proggy.sh" -param 1 -param 2

on Unix-like operating systems or

"C:\Program Files\system32\cmd.exe" "%%PROG_DIR%%\proggy.cmd" /param 1 /param 2

on Microsoft Windows operating systems.

You have to use quotes whenever a blank is contained in the program or directory name. Please note that also the resolved macros may contain blanks, so it is recommended to use quotes around macros as well.

You may use newlines in this field for ease of reading and writing. Note that they are stripped (not replaced by blanks) prior to execution.

Working directory

Define a working directory of the executed script or program.

Environment variables

Define environment variables for the executed script or program. Please note that multiple entries must be separated by commas or semicolons. The format is name ‘=' value { (';' | ',’) name '=’ value}

Example 1:

timeout=300;mode=test

Example 2:

file=/path/to/your/file;url=http://host/path

Time out

Define a timeout for the executed script or program.

There is a hard limit for this value defined by the CheckCycleTime Monitoring Parameter. In other words, the effective time out is the minimum of the value defined in this field and the CheckCycleTime Monitoring Parameter.

Exit code for unknown check status

Use this field to define the exit code of your program that shall indicate an Unknown check status.

The default value, which is -1 for historical reasons, is not supported on Unix-like operating systems, so you may want to adapt this value accordingly if you plan to operate with Unknown check status.

Collect Performance Values

If you want the {custom-check} to collect performance data (which must be written to console output by the program), check _Select Performance Resource Type and choose a previously defined custom performance resource type from the list. See Configuring Custom Performance Data Resource Types on how to define custom performance resource types.

The syntax supported follows the plugin output specification of a common open source monitoring product.

If the program does not return or returns erroneous performance data the Custom Check will report a Warning status, with a message e. g. 'Result is supposed to return performance data but nothing was found' or 'Missing or invalid performance data'.

Return Timeout as

Determine whether to return the check status as Ok, Warning, Critical, Unknown if the timeout specified in the Time out setting is exceeded.

Omit the command line in check result

Check the box to not display the command line in the check result.

Program

Use the Upload Program button in order to select a script or program to deploy.

Original File Name

Read-only field containing the name of the script or program once it is deployed. The name is displayed as a link that allows you to download the script or program.

This field is only available if a script or program has been uploaded.

Checksum

Read-only field containing the MD5http://en.wikipedia.org/wiki/Checksum[checksum] of the script or program once it is deployed. This value is used to detect whether the file copied to the target System's filesystem has not been modified.

This field is only available if a script or program has been uploaded.

Upload Date

Read-only field containing the date the script or program was uploaded.

This field is only available if a script or program has been uploaded.

Program Directory

You may define where the script/program is supposed to reside in the target System's filesystem by filling in the appropriate directory.

If you fill in this value, please note that the user running the Avantra Agent needs read, write, and execute permissions on this directory!

This field is only available if a script or program has been uploaded.

Delete program after check deletion

If you set this flag, the Avantra Agent will take care to remove the script/program once the Custom Check is deleted. The Program Directory is also removed if it is empty.

This field is only available if a script or program has been uploaded.

Service Name to record Availabilities

If you enter a value, the Custom Check will record the Service Availability for use in e.g. Service Level Reports.

Report Warning as Available

If Service Availability is recorded, a Warning check status is usually considered Down. Set this flag if you want the Warning check status to be considered Up instead.

SAP_BW_UPLOAD

Monitor upload times in SAP BI Systems.

Description

As the name indicates already, the SAP_BW_UPLOAD Custom Check is available for SAP Business Information Warehouses only. It checks whether running uploads (i.e. Data Transfer Processes, `DTP`s) are taking longer than configurable thresholds. Once a DTP is in a non-running state, it will not be subject to this Check.

Configuration
Upload Target

Define an upload target (e.g. an InfoCube or ODS). Wildcard * is supported.

Upload Time Warning Threshold

Define a Warning threshold for the upload time.

Upload Time Critical Threshold

Define a Critical threshold for the upload time.

SAP_CLIENTS

Monitors SAP client settings against user-configured given values.

Description

The SAP_CLIENTS Custom Check is available for SAP ABAP systems and monitors SAP client settings against user-configured given values. For example, you may want to assure the Change and transport setting is always set to No Changes allowed and any violation against this rule shall be reported as Warning or even Critical check status.

Configuration
Clients (wildcard * allowed)

Defines a comma or space-separated list of clients the given rule shall be checked on. You may use wilcard * to define multiple clients, i.e. 1* to define all 1xx clients. Use * to apply a rule to all clients found.

Exclude clients (optional)

Optionally exclude clients from include rule before. For example, you may want to apply a rule to all clients using * but want to exclude client 000 and 066.

Rule

Define the rule you want to check on the set of clients defined using the Clients field.

Select one of:

Client must exist, Client must NOT exist, Client Role must be, Client Role must NOT be, Currency must be, Changes and transports must be, Changes and transports must NOT be, Cross-Client Object Changes must be, Cross-Client Object Changes must NOT be, Client Copy and Comparison Tool Protection must be, Client Copy and Comparison Tool Protection must NOT be, CATT and eCATT Restrictions must be, CATT and eCATT Restrictions must NOT be, Locked due to client copy, Protection against SAP upgrade

Argument

Define the arguments, i.e. the given value of this rule. The list or field depends on the argument Rule defined before. For example, if you choose Changes and transports must be as a rule, select one of the following arguments as given value:

Changes without automatic recording, Automatic recording of changes, No Changes allowed, Changes w/o automatic recording, no transports allowed

Tag

Add an optional Tag that appears in the check output. This might be useful in Service Level Reports to document a certain paragraph or the like.

Status if Rule is violated

Define the status if the rule is violated, either Warning or Critical. The overall Check status will be the worst of all rules.

SAP_CONTROL_ALERTS

Shows alerts listed from Sap Control function GetAlertTree.

Description

The SAP_CONTROL_ALERTS Custom Check is available for SAP ABAP and Java systems. The data read from this check is equivalent to the data read from the Sap Control function GetAlertTree (the same data is also available via CCMS (RZ20)).

The alerts listed in this function have path, name, value, and status. You can filter the alerts you want to retrieve using filter options. You can also view all nodes by using * as a filter. This is very convenient to see the current alert nodes and values of your SAP systems.

Configuration
Alert Names

Set the alert nodes you want to include in the check. Click on + and - to include multiple nodes. You can use wildcard * to select multiple alerts.

Show Full Path

Alert nodes are hierarchically in a tree structure organized. Mark this option if you want to include the full path to the alert nodes in the check result.

Include Unknown/GRAY Alerts

If checked, unknown alerts (GRAY) are included in the check result.

Unknown/GRAY Status

Set to report unknown/GRAY alerts as a different status. E.g. report unknown alerts as CRITICAL.

Ignore Alert status

If set, the overall check status remains OK even though some alerts are RED or YELLOW. Use this option if you are only interested in the value of the alerts but not in the status.

SAP_IDOCS

Monitors number of SAP intermediate documents (Idocs) found using specific select criteria.

Description

The SAP_IDOCS Custom Check is available for SAP ABAP systems and monitors the number of Idocs found with specific user selection criteria against configurable thresholds. You may, for example, search Idocs with a special erroneous status sent to a certain partner and report records found as Warning or even Critical check status, if the number is above the corresponding thresholds.

Configuration
IDOC Selection

Defines selection criteria to query for Idocs. All criteria are used with an AND clause, i.e. an Idoc must match all criteria specified to be found.

Be careful to actually enter selection data, especially limit the selection by max age in days. Otherwise, the check may select a huge amount of data and time-out, since the EDIDC may contain many millions of records.

Clients (wildcard * allowed)

Defines a comma or space-separated list of clients to be used as selection criteria. You may use wildcard * to define multiple clients, i.e. 1* to define all 1xx clients. Leave the field blank to select from all clients.

Status Numbers

Specify one or many status numbers of the Idoc to be used as selection criteria. Use comma-separated list to define multiple values. It is also possible to select ranges, e.g. 03-10. Use ! to exclude a status, and please make sure to always use a leading 0 for the status.

Example: 01-70, !53, !67, 80

Time and Date

Define the time and date specifications of the Idocs to be selected. You can choose amongst creation time, last modification time, max age, etc. Field IDOC max age in days is a required field and initialized to one day.

Message Type, Variant, or Function

Define the Idoc’s message type, variant, or function. Each field supports comma-separated list to define multiple values. Wildcard * is supported as well.

Direction

Define the Idoc’s direction, which is either Inbox or Outbox. The setting affects which fields to use for further selection, i.e. the setting defines if either Receiver or Sender specs needs to be used.

Receiver or Sender

Define the Idoc’s following criteria for either Receiver or Sender: Port, Number, Type, or, Partner Function. Each field supports comma-separated list to define multiple values. Wildcard * is supported as well.

Maximum number of IDOCS to retrieve

Define the maximum number of Idoc’s to retrieve. It is recommended to use this setting. Default: 500.

IDOCS Checks

Fill in the number of Idocs for the Critical and Warning thresholds. Obviously, the Critical should be above the Warning value. You can leave one of each blank, then the check result will either be only Critical or Warning.

SAP_BO_JOB

Monitor canceled, delayed, long-running, or short-running SAP BO Jobs.

Description

This allows you to monitor if a given SAP BO Job is canceled, delayed, running too long or too short, running in the defined time period, or if multiple instances of the check are running.

Specific Configuration
Job Name

Fill in the name of the job. The wildcard * is supported in order to monitor multiple jobs using the same Custom Check definition. Use a comma to separate multiple jobs. Each SAP BO job matching the pattern given as the job name is considered on its own and reported as a sub check within this check.

Excluded Jobs

Fill in the name of the job to be excluded from the search. Use a comma to separate multiple jobs. Wildcards are supported.

Consider last

Specify the number of days to select jobs. If left empty, the last 2 days will be considered.

Select Job Types

Use the search or selector tool to include only the jobs of a certain type(s). If left empty, then all job types will be considered.

Select Job Owner

Only the jobs of the specified owner(s) will be examined. All owners will be considered if the field is left empty.

Select Jobs started after

Set this time to select only jobs which are started after this time. Set a time between 00:00 and 23:59.

Select Jobs started before

Set this time to select only jobs which are started before this time. Set a time between 00:00 and 23:59.

The following settings can be performed with Select Jobs started after and Select Jobs started before: If you set both times, only jobs which are started within this time interval are selected.

Example 4. Job Start Examples
  • To select jobs started between 10:00 and 16:00, set Select Jobs started after to 10:00 and set Select Jobs started before to 16:00.

  • To select jobs started between 23:00 and 02:00 (of the next day), set Select Jobs started after to 23:00 and set Select Jobs started before to 02:00.

Rules Configuration

You can compile your own rules using the Rules section. The overall rule may consist of separate smaller rules. If the job matches the rule’s criteria, then it will go to the specified Status.

SAP_JOB

Monitor canceled, delayed, long-running, or short-running SAP Jobs.

Description

This allows you to monitor if a given SAP Job is canceled, delayed, running too long or too short, running in the defined time period, or if multiple instances of the check are running. Generally, Avantra always examines the most recent SAP Job of a given name. However, if option Report canceled job as well, if following job run was successful is used, canceled jobs still get reported, if a successful job with the same name and a more recent date/time was found. If this option is used, it is recommended to specify a reset time using Reset After otherwise the canceled job is displayed for a maximum time of two days.

Aborted SAP Jobs are already monitored by the JOBSTAT Check. So it is not required to use this custom check with Job Name * to monitor aborted jobs since JOBSTAT Check is performance optimized for this purpose.

Configuration
Job Name

Fill in the name of the job. The wildcard * is supported in order to monitor multiple jobs using the same Custom Check definition. Each SAP job matching the pattern given as job name is considered on its own and reported as a sub check within the given check.

It is not recommended to use wildcard * together with option Status If Job Not Found, see below.

SAP Client

Specify the client of the job as either a black or white list. If you use a blacklist, jobs must not run in the given list of clients, otherwise, they will not be selected. If you use a whitelist, jobs must run in the given list of clients. The list of clients can be separated by spaces, commas, or semicolons, and a client must be a three-digit number. When selecting jobs, the client is determined from SAP jobs overview table field TBTCO.AUTHCKMAN.

Check in each client

Per default, SAP_JOB Custom Check searches globally for jobs in all clients (or whitelisted or blacklisted if this option is used) and sorts them by date/time to check the most recent. You can change this behavior by enabling Check in each client. SAP_JOB Custom Check will then group all job query results by client and run the same checks for each client separately. You may, for instance, want to check, if a job with the same name finished successfully in several clients, etc. Before this option appeared, you would need to create several SAP_JOB Custom Check for each client. Now using Check in each client this can now be done in one Custom Check.

If you provide a client whitelist, SAP_JOB Custom Check will search in the list of clients provided. A Warning will be reported if a whitelisted client does not exist. If you provide a blacklist (which can as well be empty), SAP_JOB Custom Check will determine all clients of the system and will check in each of them, except the ones blacklisted.

SAP User

Specify the user of the job as either a black or whitelist. If you use a blacklist, jobs must not be scheduled by users in the provided list, otherwise, they will not be selected. If you use a whitelist, jobs must be scheduled by one of the users on the list. The list of users can be separated by spaces, commas, or semicolons. If you want to use one of these characters in the user name, you must escape it with a backslash (\). Please note that the custom check will select the field TBTCO.SDLUNAME of SAP jobs overview table TBTCO and thus query the user who scheduled the job.

Select Jobs started after

Set this time to select only jobs which are started after this time. Set a time between 00:00 and 23:59.

Select Jobs started before

Set this time to select only jobs which are started before this time. Set a time between 00:00 and 23:59.

The following settings can be performed with Select Jobs started after and Select Jobs started before: If you set both times, only jobs which are started within this time interval are selected.

Example 5. Job Start Examples
  • In order to select jobs started between 10:00 and 16:00, set Select Jobs started after to 10:00 and set Select Jobs started before to 16:00.

  • In order to select jobs started between 23:00 and 02:00 (of the next day), set Select Jobs started after to 23:00 and set Select Jobs started before to 02:00.

Execute check during time selection

This checkbox is only relevant if Select Jobs started after and Select Jobs started before are set. If both are set, the check is by default not executed when the current agent time is in the selection interval! If you want to execute the check also when the current agent time is in the selection window, then mark this checkbox.

Alert already cancelled Job as

Choose a check status to return in case the watched Job is cancelled.

Report canceled job as well, if following job run was successful

By default, a canceled job will no longer be reported, if a more recent and successfully finished job with the same name has been found. You can change this behavior by enabling this option.

Status If Job Not Found

Choose a check status to return in case the watched Job is not found as a released job. If you do not want to have this feature enabled, you simply leave the field blank, which is the default.

If you use wildcards * in the job name definition and multiple jobs are found, the check result will return as Warning with message

WARNING - Multiple jobs with different names found for target name <yourjob*>: <list>
Please turn 'Status If Job Not Found' option off or do not use wildcards for job name.
Reset after

You may define a time span after which the check status is set back to Ok in this field.

If you leave this field blank, you need to restart or delete the job inside your SAP System to clear the generated Warning or Critical check status.

Number of Simultaneous Running Jobs

You may define Warning and/or Critical thresholds for the number of simultaneously running Jobs with the same name.

Job Start Delay Time

You may define Warning and/or Critical thresholds for the delay of Job start.

Maximum Job Run Time

You may define Warning and/or Critical thresholds for the maximum Job run time.

Minimum Job Run Time

You may define Warning and/or Critical thresholds for the minimum Job run time.

Maximum Time Since Last Job Start

You may define Warning and/or Critical thresholds for the maximum elapsed time since the last start of the Job.

Show OK Status

Check this flag if you want to display the jobs finished properly in the check message.

SAP_PI_COMMCHANNELS

Verify specific PI communication channels.

Description

This Custom Check allows you to monitor dedicated PI communication channels. Like the default check PI_CommChannels, it measures the time an individual channel is in ERROR state and compares it to the Warning and Critical time thresholds to determine the state of the custom check.

You may filter the channel list for the channel attributes party, service, channelName, and activationState. The check will be applied to all channels matching each of the filter attributes, i.e. the criteria are logically AND related. To match multiple channels, you may use the wildcard * to match 0..n arbitrary characters. You can specify multiple patterns per filter attribute by concatenating them with a comma.

The check result will show all matching channels, regardless of their error state.

Configuration
Party

Define a filter expression for the party attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: party_A, party_B

Service

Define a filter expression for the service attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: \*_service_A, *_service_B

Channel

Define a filter expression for the channel name attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: *prod_sender*

Message

Define a filter expression for the message attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: *exception*

Activation State

Define a filter expression for the activation state attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: STARTED

Channel State

Define a filter expression for the channel state attribute of a communication channel; use the wildcard character (*) to define a pattern and/or a comma-separated list of patterns to match multiple channels.

Example: STARTED

SAP_QRFC_IN_QUEUE

Verify dedicated qRFC inbound queues with special parameters.

Description

This Custom Check allows the monitoring of dedicated inbound qRFC queues similar to transaction SMQ2. It supplements the native checks QRFC_IN_ERRQ and QRFC_IN for users with special requirements, i.e. to monitor a given queue with special settings different from the native standard checks.

For configuration please refer to the corresponding Custom Check type SAP_QRFC_OUT_QUEUE Custom Check. All settings are exactly the same, with the only difference that they refer to inbound queues.

Configuration

Please refer to configuration section of SAP_QRFC_OUT_QUEUE Custom Check.

SAP_QRFC_OUT_QUEUE

Verify dedicated qRFC outbound queues with special parameters.

Description

This Custom Check allows the monitoring of dedicated outbound qRFC queues similar to transaction SMQ1. It supplements the native checks QRFC_OUT_ERRQ and QRFC_OUT for users with special requirements, i.e. to monitor a given queue with special settings different from the native standard checks.

First, define a set of queues using the queue name and optionally clients on which the Warning and Critical conditions are applied. It is allowed to define only one condition. If at least one queue in the set matches either condition, the whole Custom Check check status will be set to the condition matched.

Configuration
Include Queue Names (required)

Define one or a set of qRFC queues which are to be monitored. Multiple queues can be entered separated by comma (,). You can use spaces before or after a separating comma since they are ignored. In case your queue name contains a comma, you need to escape it with \. Wildcard * is supported.

Example: MYQUEUE1, MYQUEUE2*

Exclude Queue Names

Define one or a set of qRFC queues which are to be excluded from the include set above. For multiple queues, the same applies as for Include Queue Names. In the upper example, all queues MYQUEUE2* are included. Using MYQUEUE2EX1, MYQUEUE2EX2, you can exclude two queues from the set.

Include Clients

Limit upper defined queue names to a list of specified clients. Leave this field blank to get qRFC queues from all clients. Multiple clients can be entered separated by a comma. You can use spaces before or after a separating comma since they are ignored. Wildcard * is supported.

Example: 800, 9*

Excluded Clients

Define one or a set of clients which are to be excluded from the include set above. For multiple clients, the same applies as for Include Clients. In the upper example, all queues 9* are included. Using 910, 911, you can exclude two clients from the set.

All/Any

Define if all conditions provided must match a queue to be reported or if any of the conditions is enough.

Queue is reported as hanging or erroneous

Condition is matched if the status of the queue is marked as erroneous or hanging by the SAP system. Examples: CPICERR, SYSFAIL, and others.

Status of Queue is one of

Using this option you can exactly define which status a queue must have to match the condition. You can specify a list of status strings either separated by comma or spaces.

Status of Queue is not one of

As before but the other way round: you might for example want to have all status reported except one which is the OK status.

Number of queued entries is >=

Condition matches if the number of queued entries is equal to or above the given threshold.

Age of oldest queued entry is >=

Condition matches if the age of the oldest (i.e. the first) queued entry is equal to or above the given threshold. The format is days/hours/minutes, with the digit followed by the one-letter abbreviation of the unit, i.e. d/h/m. You use more than one unit, e.g. 1d 12h or 1h 30m.

SAP_R3SYSLOG

Monitor entries in the SAP System Log.

Description

The SAP_R3SYSLOG Custom Check is an SAP Instance Custom Check. It allows you to monitor the SAP Instance’s system log (as displayed in transaction SM21) in many different ways. You may set up the Check to report a special system log entry or you define to report all messages of a given problem class.

If you fill in multiple criteria only entries matching all criteria are reported.

Configuration
Alert R3 Syslog Entry as

Define the check status in case a matching system log entry is found.

Watch Syslog Entries of last

Enter the time span you wish to monitor.

Filter on

Define whether you want to watch for certain system log entries or for a whole problem class.

Message Text

Define a message text you want to filter. The wildcard * is supported.

Only available if Syslog Entries is selected for Filter on.

Message Numbers

Fill in a (blank-separated) list of message numbers to watch for.

Only available if Syslog Entries is selected for Filter on.

Problem Class

Select the problem class you want to monitor.

Only available if Syslog Entries is selected for Filter on.

Transactions

Restrict to certain transactions. Multiple entries have to be separated by a blank. The wildcard * is supported.

Only available if Syslog Entries is selected for Filter on.

Clients

Restrict to certain clients. Multiple entries have to be separated by a blank.

Only available if Syslog Entries is selected for Filter on.

Users

Restrict to certain users. Multiple entries have to be separated by a blank. The wildcard * is supported.

Only available if Syslog Entries is selected for Filter on.

WP-Type

Restrict to a certain work process type.

Only available if Syslog Entries is selected for Filter on.

Excluded Message Numbers

Exclude a list of message numbers or a list of message number ranges.

Only available if Program Class is selected for Filter on.

SAP_REPORT

Run your own ABAP monitoring report.

Description

This Custom Check allows you to execute an arbitrary ABAP report available in the SAP System.

The report result must have the following structure:

  • First Line: The keywords OK, WARNING, or CRITICAL (case sensitive!)

  • Following lines: Any free text displayed as check message.

  • Each line has a maximum length of 256 characters.

Configuration
Report

Fill in the name of the report

Variant

Define optionally the variant of the report.

The variant has to be defined in the logon client of the RFC user.

SAP_ApplicationLog

Verify SAP ApplicationLog entries.

Description

This custom check reads the SAP Application Log entries and reports a WARNING or CRITICAL check status when specific entries are found. Please refer to SAP transaction slg1. Use the configuration filters below to select specific logs. You may leave some filters empty to ignore this field.

Configuration
Client

Read-only application log entries from the clients defined here. Multiple clients are supported. If you leave it empty, the client defined for the SAP RFC user will be used.

Time interval

Read-only log entries written within the last configured minutes.

Object

Read-only logs from this object. Wildcard * is allowed. Use a comma to separate multiple values.

Subobject

Read-only logs from this subobject. Wildcard * is allowed. Use a comma to separate multiple values.

External ID

Read-only logs from this External ID. Wildcard * is allowed. Use a comma to separate multiple values.

User

Read-only logs from this User. Wildcard * is allowed. Use a comma to separate multiple values.

Transaction Code

Read-only logs from this Transaction Code. Wildcard * is allowed. Use a comma to separate multiple values.

Program

Read-only logs from this Program. Wildcard * is allowed. Use a comma to separate multiple values.

Log Class

Define the log class to which the log entry must belong.

Log Creation

Define the log creation process type to filter log entries from. You may filter by multiple process types.

Message Filter

Define the log message filter to filter log entries from. You may filter by multiple message filters.

Warning Threshold

The check becomes a WARNING if your SAP application log selection criteria select more log entries than the defined threshold.

Critical Threshold

The check becomes CRITICAL if your SAP application log selection criteria select more log entries than the defined threshold.

Include all log messages in check result

Check this box if you want to include all application log messages in the check result. If this box is not checked, only the first message is included in the check result. This option has no effect on log entry selection. It is only used to display more detailed information in the check result.

SAP_RFC_DEST

Verify up to eight RFC destinations.

Description

This Custom Check allows the monitoring of RFC destinations as defined in transaction SM59. You can define up to eight destinations, and for each of them, the check status reported if the destination is not available.

You can also include an RFC user authorization test.

Configuration
RFC Destination #[n]

Define at least one RFC destination.

Alert As

Choose the check status to return in case the connection test fails.

SAP_SYS_CHANGE_OPTIONS

Monitors SAP system change options against user configured given values.

Description

This {custom-check} is available for SAP ABAP systems and monitors SAP system change options (configured in transaction SE06) against user configured given values. You may, for example, make sure that for a production system all system change options are set to _Not modifiable. This can be easily configured and then monitored by this Custom Check.

Configuration
Software Component

Enter the technical name of the software component you want to apply a rule for. You can define multiple entries separated by a comma. Any white spaces before or after the comma will be ignored. Wildcard * is supported as well.

Namespace/Name Range

Enter the technical ID of the namespace you want to apply a rule for. You can define multiple entries separated by a comma. Any white spaces before of after the comma will be ignored. Wildcard * is supported as well.

Exclude (optional)

Optionally exclude software components or namespaces from include rule before. For example, you may want to apply the Not modifiable rule to all software components using * but want to exclude components LOCAL and HOME.

Rule

Define the rule you want to check on the set of software components/namespaces defined. Select either:

Modifiable must be, Modifiable must NOT be, Software component/namespace must exist, Software component/namespace must not exist

Modifiable

Define the Modifiable given value for this rule. As in transaction SE06, for software change options, you have the choice between 4 options. For namespaces, there are only two, modifiable or not.

Tag

Free text field to add a custom reference which will appear in the check output. This might be useful in Service Level Reports to document a certain paragraph or the like.

Status if Rule is violated

Define the status if the rule is violated, either Warning or Critical. The overall Check status will be the worst of all rules.

SAP_TA_RUNTIME

Monitor run time of named transactions.

Description

This Custom Check allows you to monitor the dialog response time of a given transaction in either all clients or a specific client. It returns a Warning or a Critical Check Result if your key transactions do not perform well.

For newly created SAP_TA_RUNTIME Custom Checks, the initial check message Current SAP status is UNKNOWN is normal. It usually disappears within the next check cycle and is replaced by the transaction runtime.

If you select individual instances for this Custom Check, you always have to add the Central instance of the SAP System into your selection. Otherwise, the Check will not run. You can, of course, deactivate the Custom Check running on the Central SAP Instance.

Configuration
Transaction

Define the transaction code of the transaction to be monitored. If you do not know your transaction code, open the transaction to be monitored with SAP GUI and choose System  Status. You will find the transaction code in the dialog displayed.

Client

If you want to restrict the runtime to be evaluated in a single client only, you may enter the client number. It is possible to monitor all transactions of a given client as well. In this case, leave the Transaction field blank and fill in the client only.

Warning alert if runtime is above

Define a Warning threshold for the runtime.

Critical alert if runtime is above

Define a Critical threshold for the runtime.

SECURITY_AUDIT_LOG

Monitor the security audit log of ABAP systems.

Description

This Custom Check provides monitoring of the security audit log of SAP ABAP systems. It corresponds to what can be done with transaction SM20, so you will find the config of this custom check equal to what can be done in the transaction’s user interface. The evaluation works across all instances.

This Custom Check requires the API for RSUSR002 to determine users according to complex selection criteria. It is available starting from SAP Basis 7.50, but as well for older SAP releases back to 7.00. However, the older releases have to be on a certain support package level, please see SAP Note 1930238 – SUIM: API for RSUSR002 for more information which support package is required for the corresponding release.

For systems with SAP Basis release 7.50 and above: The SECURITY_AUDIT_LOG works no matter if the security audit log recording target is set up as Record in File System or Record in Database (see also transaction RSAU_CONFIG). If Record in Database or Record in Database and File System is configured, the check will search in the database instead of in the file system.

Configuration
Time interval (in minutes)

The time to search back in the audit log from the point in time the check is evaluated. This time configures as well how long entries are displayed. If you set up the check for RealTime Monitoring, reasonable values would be 60 or 120 minutes. In case you may want to run it as Daily Checks, e. g. to document additionally on a daily basis, you might want to enter 1440 minutes, for one day.

Clients (wildcard * allowed)

Define the clients to filter the audio log records. If you specify *, all clients in the system are checked, except the ones on the exclude list.

Exclude clients (optional)

Exclude clients from being checked. This makes sense if * is used as the client list above.

Users (wildcard * allowed)

Define the users you want to check, again wildcard * might be useful to specify a certain selection. If you don’t want to filter on users, you can as well leave this field blank.

Exclude users (optional)

Exclude users from being checked. This makes sense if you want to check all users except those for whom it is well known that records exist.

Msg ID (wildcard * allowed)

Directly define 3 characters audit message IDs to query for. You can use wildcard * to use to specify selections for example use AU* to query for all message IDs stat start with AU. You can leave this field as well blank and filter on whole audit classes. If used together with audit classes, both selections are linked by and OR operation.

Exclude Msg ID (optional)

Exclude message IDs from being checked. This makes sense if a range with * is used as the message IDs and you want to exclude individual message IDs.

All lists items in the clients, users, and message ID fields are to be separated by ,. Trailing or leading spaces are ignored.
Audit Classes — Dialog Logon, RFC/CPIC Logon, …

Filter for the selected audit classes. If you do not specify anything, this is the same as select for all. If used together with message ID selection, both criteria are linked by an OR operation.

Event Type

Filter on the type of event, choose either All, Severe and Critical, or Only Critical.

Warn Count/Crit Count

Specifies the number of records that are to be found to turn the check result status to the corresponding check status. For example, if you want to check to be Critical starting from one found record, enter 1 into the Crit Count field.

If you don’t enter a number in one of the Warn/Crit Count fields, the check result will be Ok. This might be useful for a check which is intended for info purposes only.

SECURITY_AUDIT_LOG_CONFIG

Monitor the security audit log configuration of ABAP systems.

Description

This Custom Check provides monitoring of the security audit log configuration of SAP ABAP systems. It corresponds to what can be done with transaction SM19 or RSAU_CONFIG, so you will find the config of this custom check equal to what can be done in the transaction’s user interface.

With this Custom Check you can define audit classes (Classic event selection) or message IDs (Detail event selection) which must be checked on your SAP system for a specific set of clients and a specific set of users. If your SAP system does NOT have these audit classes or message IDs set, the check reports a Critical or Warning status.

Configuration
Event Selection

SAP ABAP systems provide two transactions to configure security audit log configuration: SM19 and RSAU_CONFIG. While SM19 provides only basic selection criteria, the newer RSAU_CONFIG provides much more detailed configuration settings.

If the security audit log configuration is configured with transaction SM19, then use the Classic selection. If the security audit log configuration is configured with transaction RSAU_CONFIG, then use the Detail selection.

Clients (select all with *)

Define the clients for which you want to check the security audit log configuration. If you specify *, the security audit log configuration must be set on all clients.

Users (select all with *)

Define the users for which you want to check the security audit log configuration. If you specify *, the security audit log configuration must be set for all users.

Event Prio (Classic only)

Define the event priority which must be set for the defined client(s) and users(s). Choose either All, Severe and Critical, or Only Critical.

Audit Classes — Dialog Logon, RFC/CPIC Logon, … (Classic only)

Mark the audit class which must be selected for the defined client(s) and users(s). You cannot deselect the System Events checkbox, this is always enabled from SAP by default.

Msg IDs (Detail only)

Setting the security audit log for specific message IDs can be configured in RSAU_CONFIG and only in Detail event selection. Directly define the 3 characters audit message IDs to check for. Wildcards * are supported.

Status if rule does not match

Report this status if your SAP system does not have the required security audit log configuration for the defined client(s) and users(s).

Tag

Use this optional tag to show a specific message for this check in the check result. Free text field to add a custom reference which will appear in the check output. This might be useful in Service Level Reports to document a certain paragraph or the like.

All lists items in the clients, users, and message ID fields are to be separated by ,. Trailing or leading spaces are ignored.

SQL_QUERY

Query the database of the Managed Object and evaluate result data.

Description

The SQL Query Custom Check can be used to create Database Checks with a user-defined SQL query and an optional user-defined evaluation logic.

You need a Java Virtual Machine 1.8.0_65 or higher in order to make use of all functions of this Check.

Usually, you will define some JavaScript code to provide evaluation logic that operates on the result set returned by the SQL query. However, in a simpler case, you can use the Alias Column Syntax with aliases xandria_message and xandria_status to add a check message and set the check status. The rows in a xandria_message column are concatenated, and the worst row value of xandria_status defines the check status of the Custom Check.

Configuration
SQL Query

Define the SQL SELECT statement to perform on the Database. Update, delete, and other queries which could modify data will not be executed for security reasons.

See also this document SQL_Query Custom Check.

Evaluation Script

Define a JavaScript code snippet to provide the evaluation logic. See JavaScript based Custom Check API below on how to use the provided API.

See also this document SQL_Query Custom Check.

Query only

If the SQL query is simple and no evaluation logic is necessary, there is an option to write an SQL query without writing an evaluation script. Define the following columns in your query:

xandria_status

the status of the actual row. The values must be 2 for CRITICAL, 1 for WARNING, 0 for OK, -1 for UNKNOWN

xandria_message

the check message of the actual row

Example: select xx as xandria_status, yy as xandria_message, …​ from …​ where …​

Avantra Agent executes the query above. Then all xx values (xandria_status) are read and the worst one defines the overall status of the check. After that all yy values (xandria_message) are read. The agent computes a check message with those values. Finally, all other fields are read and a table is created for you which shows the result values.

Use the database functions case when else (depends on your RDBMS) to create an appropriate check status and check message.

USER_AUTHORIZATIONS

Verify user authorizations of SAP ABAP systems.

Description

This Custom Check allows the monitoring of user authorizations in SAP ABAP systems. This very much helps you to ensure and continuously monitor, that there are no users with too much or the wrong set of permissions. Organizations often require to segregate different duties, so if a certain user has a given authorization A, he must not have authorizations B and/or C. This kind of check can be done with USER_AUTHORIZATIONS as well.

Please also see this solution document USER_AUTHORIZATIONS Custom Check Examples, it provides various examples which are a good starting point to apply your organization’s rules.

This Custom Check requires the API for RSUSR002 to determine users according to complex selection criteria. It is available starting from SAP Basis 7.50, but as well for older SAP releases back to 7.00. However, the older releases have to be on a certain support package level, please see SAP Note 1930238 – SUIM: API for RSUSR002 for more information which support package is required for the corresponding release.

This Custom Check is designed to work cross client, although the Avantra RFC user is defined in one specific client only. For other clients than the one specified by the RFC user, the Avantra Agent logs on with the same credentials. So you need to make sure, that the same user is maintained in any client you want to have user authorisations checked.

Configuration
Clients (wildcard * allowed)

Define the clients the user authorizations are to be checked. If you specify *, all clients in the system are checked, except the ones on the exclude list.

Exclude clients (optional)

Exclude clients from being checked. This makes sense if * is used as the client list above.

Users (wildcard * allowed)

Define the users you want to check, again wildcard * might be useful to check all users.

Exclude users (optional)

Exclude users from being checked. This makes sense if * is used in the user list above. For example, you might want to exclude certain system users, like SAP* or DDIC.

All lists items in the clients and users fields need to be separated by ,. Trailing or leading spaces are ignored.
Find users who have — all authorization objects below (AND)

The check will search for users which match all of the authorization objects specifications listed below.

Find users who have — at least one of the authorization objects below (OR)

The check will search for users which at least one of the authorization objects specifications listed below. This is especially useful to check that important authorizations are not given to any user, except some users.

Find users who have — first authorization object and at least one of the following authorization objects (OR)

This specific condition is intended for segregation scenarios. If a user matches the first row, all the following rows starting from 2 to n are checked, and if a least one of 2-n matches, the whole condition is true.

Check is Status if users are found matching criteria

Choose a check status, mostly Critical or Warning cause usually you would search for unwanted authorizations.

Authorization Object

This is the authorization object to be checked. For example, to check for permission to maintain users, you would enter S_USER_GRP. See the corresponding SAP transaction.

Field

This corresponds to the authorization object. In the case of the example with S_USER_GRP the field would be ACTVT, i. e. an authorizations activity.

Value

The value of the corresponding field to check. In the case of activities ACTVT, these are numbers, but it could as well be transaction codes, i. e. text strings. Multiple values are separated by spaces or commas.

Value Condition

Either Select users having all listed values, or Select users having at least one of the listed values. This way you could for example, select for forbidden activities of a certain authorization object in one line.

USER_PROFILES

Verify user profile assignments of SAP ABAP systems.

Description

This Custom Check allows the monitoring of user profiles and role assignments in SAP ABAP systems. This very much helps you to ensure and continuously monitor, that there are no users with too many permissions. The most famous example is if any user except system ones have the SAP_ALL and/or SAP_NEW profiles assigned.

Please checkout as well the solution document USER_PROFILES Custom Check Examples, it provides various examples which are a good starting point to apply your organization’s rules.

This Custom Check requires the API for RSUSR002 to determine users according to complex selection criteria. It is available starting from SAP Basis 7.50, but as well for older SAP releases back to 7.00. However, the older releases have to be on a certain support package level, please see SAP Note 1930238 – SUIM: API for RSUSR002 for more information which support package is required for the corresponding release.

This Custom Check is designed to work cross client, although the Avantra RFC user is defined in one specific client only. For other clients than the one specified by the RFC user, the Avantra Agent logs on with the same credentials. So you need to make sure, that the same user is maintained in any client you want to have user authorisations checked.

Configuration
Clients

Define the clients the user profiles and roles are to be checked. If you specify *, all clients in the system are checked, except the ones on the exclude list.

Exclude clients

Exclude clients from being checked. This makes sense if * is used as the client list above.

Users

Define the users you want to check. If you want to check all users, you can simply leave this field blank or enter *.

Exclude users

Exclude users from being checked. This makes sense if all users are to be checked * is used in the user list above. For example, you might want to exclude certain system users, like SAP* or DDIC.

All lists items in the clients and users fields need to be separated by ,. Trailing or leading spaces are ignored.
Find users who have — all profiles and all roles below (AND)

The check will search for users which have all profiles and all roles listed assigned. In the real world, it makes sense to check for profiles and roles separately, for example, to run a check which checks for SAP_ALL and SAP_NEW profiles.

Find users who have — at least one of the authorization objects below (OR)

The check will search for users which have any of the profiles or roles listed assigned. This would be the right choice to check for users which have SAP_ALL or SAP_NEW profiles assigned.

Profiles

List of profiles to search for separated by ,. Trailing or leading spaces are ignored.

Roles

List of roles to search for separated by ,. Trailing or leading spaces are ignored.

Check is check status if users are found matching criteria

Select the severity of the check result if users are found. Possibly only Critical and Warning make sense here.

WIN_SERVICE

Monitor if Microsoft Windows Services are running.

Description

The WIN_SERVICE Custom Check allows you to monitor if a certain Service on a Microsoft Windows host is or is not running. This Custom Check has no effect on Unix-like operating systems.

Reference Data
Managed Object

Dynamic Group or Static Group of Servers, SAP Instances, SAP Systems, stand-alone Databases

Depends on

AGENTALIVE

Configuration
Service Name

Define the display name or the technical service name in this field. You can find the technical Service Name in the field Service Name of the General tab in the Properties of the respective service.

Use the Services snap-in of the Microsoft Management Console. The display name is consequently shown in the Display Name field at the same tab. You must not use the executable name.

This field may contain Custom Check Macros.

Status If Service Is Running

Select the check status in case the service is running.

Else

Select the check status in case the service exists but is not running.

Status if service does not exist

Select the check status in case the service does not exist.

Custom Check Macros

Use placeholders for greater flexibility in Custom Check definitions.

Description

Custom Check Macros are placeholders replaced with values specific to the particular System the Custom Check is executed on. Using these Macros provides greater flexibility in Custom Check definition for multiple Systems.

%%BAS_REL%%
%%BASE_DIR%%
Description

The installation directory of {avantra-agent}, i.e. C:\Program Files (x86)\syslink\agent on Microsoft Windows operating systems and /syslink/agent/ on Unix-like operating systems. Also referred to as `[agent`basedir] in this section.

You most likely need to set quotes while referencing this Macro.

%%BIN_DIR%%
Description

The bin directory of {avantra-agent}, i.e. `[agent`basedir]/bin.

You most likely need to set quotes while referencing this Macro.

%%CFG_DIR%%
Description

The cfg directory of {avantra-agent}, i.e.`[agent`basedir]/cfg.

You most likely need to set quotes while referencing this Macro.

%%CI_ID%%
%%CI_NAME%%
%%CI_SYSNO%%
%%DB_HOST%%
Description

The name of the Server monitoring the Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_ID%%
Description

The internal ID of a stand-alone Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_NAME%%
Description

The name of a Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_PASSWD%%
Description

The password corresponding to %%DB_USER%%.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_PASSWD2%%
Description

The password corresponding to %%DB_USER2%%.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_PASSWD_JAVA%%
Description

The password corresponding to %%DB_USER_JAVA%%.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_PORT%%
Description

The listening port of the Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_UNIFIED_NAME%%
Description

The unified Database name of a stand-alone Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_USER%%
Description

The user name used by the Avantra Agent to access the Database. For the Database instance of an SAP System it corresponds to the ABAP schema user.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_USER2%%
Description

The name of the administrative user of a MaxDB Database.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DB_USER_JAVA%%
Description

The user name used by the Avantra Agent to access the Java schema of a Database instance of an SAP System.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

%%DBT%%
@@[env_var]@@
Description

Replaced by the environment variable [env_var], if available. The environment variable [env_var] must be defined in the environment of the user running the Avantra Agent.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System, Database

%%I_ID%%
Description

The (internal) ID of SAP Instances the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

%%I_NAME%%
Description

The name of SAP Instances the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

%%I_PATH%%
Description

Resolves to the instance path, e.g. /usr/sap/C11/DVEBMGS00.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance

%%I_SYSNR%%
Description

The system numbers of SAP Instances the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

%%I_TYPE%%
Description

The type of SAP Instances the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

%%J2EE_PWD%%
Description

The J2EE user password corresponding to the Macro to %%J2EE_USR%%.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%J2EE_USR%%
Description

The J2EE user name used by the Avantra Agent to access the SAP System.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%LOG_DIR%%
Description

The log directory of {avantra-agent}, i.e. `[agent`basedir]/log.

You most likely need to set quotes while referencing this Macro.

%%NEWLINE%%
Description

The newline character. Newlines entered into the Command Line Call field are provided for better readability only, they are stripped once the call is executed. If you need to define a newline in your command line call, you may use this macro.

Available for Custom Checks

RUN_PROG Custom Check

Available for System Type

Server, SAP Instance, SAP System, Database

%%ORACLE_HOME%%
Description

Oracle Home directory, as detected by the Agent or set by ORAHomeDir.

If the Custom Check is executed for an SAP System this macro is only available if the Run Custom Check on DB Host of SAP System (instead of Central Instance Host) flag is set.

Available for System Type

Oracle <<database, SAP System with Oracle

%%PROG_DIR%%
Description

Probably the most important macro at all. Contains the absolute name of the directory containing the script/program to be executed in a RUN_PROG Custom Check.

Is only set if Avantra is in charge of deploying the program, and it is only available in the fields Program Executable Name and Command Line Call.

It corresponds to the value defined in the Program Directory field, which is by default `[agent`basedir]/libexec/[custom_check_name]_.

You most likely need quotes while you reference this Macro.

%%PROG_NAME%%
Description

Contains the name of the script/program to be executed in a RUN_PROG Custom Check.

Is only set if Avantra is in charge of deploying the program, and it is only available in the fields Program Executable Name and Command Line Call.

%%PROG_PATH%%
Description

Contains the absolute path of the script/program to be executed in a RUN_PROG Custom Check.

Is only set if Avantra is in charge of deploying the program, and it is only available in the fields Program Executable Name and Command Line Call.

You most likely need quotes while you reference this Macro.

%%RFC_PWD%%
Description

The RFC user password corresponding to the Macro to %%RFC_USR%%.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%RFC_USR%%
Description

The RFC user name used by the Avantra Agent to access the SAP System.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%RSID%%
Description

The Real SAP SID of SAP Systems the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

%%SAPCONTROL_PWD%%
Description

The SAPControl user password corresponding to the Macro to %%SAPCONTROL_USR%%.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%SAPCONTROL_USR%%
Description

The SAPControl user name used by the Avantra Agent to access the SAP System.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

SAP Instance, SAP System

%%SRV_DNSDOMAIN%%
Description

The macro contains the contents of the Server’s DNS Domain field.

Available for System Type

Server, SAP Instance, SAP System, Database

%%SRV_FQDN%%
Description

The macro contains the contents of the Server's FQDN or Ip Address field.

Available for System Type

Server, SAP Instance, SAP System, Database

%%SRV_ID%%
Description

The internal ID referencing the Server the Custom Check is executed on.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System, Database

%%SRV_NAME%%
Description

The name referencing the Server the Custom Check is executed on.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System, Database

%%TMP_DIR%%
Description

The tmp directory of {avantra-agent}, i.e. `[agent`basedir]/tmp.

You most likely need to set quotes while referencing this Macro.

%%USID%%
Description

The Unified SAP SID of SAP Systems the Custom Check is executed for.

Available for Custom Checks

FILE_EXISTS, FILE_UPTODATE, FILE_CONTENT, NW_RESPONSE, PROCESS, RUN_PROG, HTTP_RESPONSE LOG_ADAPTER, WIN_SERVICE

Available for System Type

Server, SAP Instance, SAP System

JavaScript based Custom Check API

Avantra features two Custom Checks types which are based on JavaScript: SQL_QUERY and RUN_JS.

Avantra Data

This is the API to work with Avantra data, i.e. to write Check and performance data and to get monitoring parameter values. The following objects can simply be used in the JavaScript program without any declaration, as they are hosted by the JavaScript provided by the Agent.

Objects

Object: check

The check object is used to create the check result including, message, status, table.

Property

Description

Example

status

Set the status of the check. Valid values are: OK, WARNING, CRITICAL, UNKNOWN

check.status = WARNING;

statusIfWorse

This property sets the status of a check only when the status assigned is worse than the current check status.

This is most likely what you want to use if you determine the check status from multiple values returned by e.g. multiple rows of data.

check.statusIfWorse = OK;

 // set the status to WARNING
check.statusIfWorse = WARNING;

 // the next assignment is ignored, because the actual status is already set to WARNING
check.statusIfWorse = OK; // ignored

message

Set the result message of the check. The result message appears in the check overview and in the detailed window.

check.message = “Everything OK”;

result

Directly set the result table. This property can only be filled with the result of an SQL query.

check.result = result;

Function

Description

Example

addTableColumn(name)

Add a column to the check result table.

check.addTableColumn("A");

addTableColumn(name,type)

Add a new column to the check result table with a given name and a given type. Valid types are:

string

a text (default)

integer

an integer number

decimal

a float number

check.addTableColumn("Count", "integer");

addCell(value)

Add a new table row cell to the check result table.

check.addCell("1");

addCell(value,status)

Add a new table row cell to the check result table and marks the cell with the passed in status.

check.addCell("2", OK);

newRow()

Add a new row to the check result table. News rows must be added when all cells are added with one of the addCell() calls above.

check.newRow();

Object: performance

The performance object provides the option to write performance values. Those performance values are used to generate charts in the Avantra UI and reports. The performance values are attached to the database object in Avantra.

The used performance resource must first be defined in the Avantra UI in Configuration → Performance Data. You must define a new custom Type and custom Chart for this performance values. (see Configuring Custom Performance Data Resource Types).

Function

Description

Example

writePerformanceValue(performance resource, value)

Write one single performance value.

performance.writePerformanceValue("My Counter", 123);

writePerformanceValue(performance resource, value, resource)

Write one single performance value and assign it to the resource 'resource'

performance.writePerformanceValue("My Counter", 123, "My Resource");

Object: monitoredSystem

The monitoredSystem object provides access to data of the monitored object which runs the custom check. At the moment there is only one method to get monitoring parameter values.

Function

Description

Example

getMoniParam(name)

Get the monitoring parameter value

monitoredSystem.getMoniParam("cust.MyMonitoringParameter");
Number(monitoredSystem.getMoniParam("cust.MyMonitoringParameter"));

Code Samples

Example 6. Iterate over result rows
for (var i = 0; i < resultRows.length; i++) {
    var row = resultRows[i];
    // do something with row
}
Example 7. Iterate over result rows and read fields
for (var i = 0; i < resultRows.length; i++) {
    var row = resultRows[i];
    // read fields
    var start = row.getValue("col_a");
    var end = row.getValue("col_a");
    // do something with fields
}
Example 8. Write a check status and message
check.status = OK;
check.message = "Hello World!";
Example 9. Add two table column to result table
check.addTableColumn("A");
check.addTableColumn("B");
Example 10. Add a table row and table value
check.newRow();
check.addCell("value for column a");
check.addCell("value for column b");
Example 11. Error handling
if (error) {
	// error handling goes herer
    check.status = WARNING;
    check.message = "An Error happened: " + error;
}
else {
    // start here with the 'normal'
    // check evaluation logic
}
Example 12. Status comparison

Following status objects are provided to create the check result: OK, WARNING, CRITICAL, UNKNOWN

You can assign those status objects to local variables and use them in your evaluation script. If you want to compare the status objects, you must use the getValue() function on the status objects. The getValue() function returns an integer value which can be compared with the comparison operators (<, >, <=, >=). The integer values returned from getValue() are:

CRITICAL:  2
WARNING:   1
OK:        0
UNKNOWN:  -1
var status = computeAStatus(some, params);
if (status.getValue() > OK.getValue()) {
    // we land here, if the value of the status objects is greater (more severe) than OK
    // do something
}

Miscellaneous

print()

The script logic is executed by the Avantra Agent. There is no option to debug the execution of the script. But the API provides a print() function that allows the output of messages during the script execution. The printed statements are written to the check result and thus are visible in the UI.

print("Start script execution");

This statement writes the message to the check result. The print() statement is designed for development use.

Code comments

Use two slashes to comment code lines.

// this is a comment and is ignored in script evaluation`
Strict Mode

The evaluation scripts are always executed in strict JavaScript mode. Strict mode requires that all variables are defined with var.

localStorage

It is possible to store values in the evaluation script and use those values in subsequent evaluations. With this feature, it is for example possible to calculate differences of values between two script evaluations. The usage is very simple with the provided object localStorage.

Example 13. Put a value to the localStorage
localStorage.setItem("name", value); // put the value into localStorage with the name "name"
Example 14. Read a value from localStorage
var value = localStorage.getItem("name");  // read a value from the localStorage with the name "name"

// second option with a default value if the value does not exist in the localStorage
// read a value from the localStorage with the name "name", if the value does not exist, 0 is returned.
var value = localStorage.getItem("name", 0);

The values in the localStorage are only available to the current custom check. It is not possible to share values between different custom checks.

You may read the following article on how to work with lists. Also, some simple code examples can be found here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array

OS Interface

Object

Method/Property

Arguments

Function

Example

os

exec()

Command

Run the command on the OS – returns result object

var result = os.exec("sh -c 'ls -al /usr/sap'");

result

out

Get the STDOUT and STDERR of the command’s output

check.message = result.out;

result

exitCode

Get the exit code of the command

[source,javascript] ---- check.status = result.exitCode; ----

Example 15. Example: Get the content of the /opt directory by a Unix command

The example is a bit silly, but it demonstrates how it works. Simply create a RUN_JS custom check for a Linux server, copy & paste the code example below, and you can see it work.

var result = os.exec("sh -c 'ls -al /opt'");

if (result.exitCode === 0) {
    check.status = OK;
    check.message = "The content of directory /opt is:\n";
}
else {
    check.status = WARNING;
    check.message = "Command failed!\n";
}

check.message = check.message + result.out;

Database Interface

The following API uses the database connection of the monitored object the Custom Check is deployed to. The SQL_QUERY custom check type does not require the database object, since the query has already been executed when the script is running. However, the RUN_JS check requires the database object to execute a query before.

Objects

Object

Method

Arguments

Function

Example

database

execute()

SQL Query

Run the SQL query – returns result object. In case the query returns more than one result set (e.g. for stored procedure), then execute() returns an array with the individual result sets. In case you are not sure, use Array.isArray(result) to check whether the returned object is an array or not.

var result = database.execute("select myFieldName from table");

var result = database.execute("sp_report1");
if(Array.isArray(result)){
    // multiple result sets
    var result1 = result[0].getRows();
    var result2 = result[1].getRows();
}

result

getRows()

Get an object to work on the result set of the query

resultRows = result.getRows();

resultRows

lenght()

Get the number of rows to iterate with a for loop

for (var i = 0; i < resultRows.length; i++) {
  var row = resultRows[i];
}

row

getValue()

Name of field

Get the value of the corresponding field of the row

var myValue = row.getValue("myFieldName");

Code Samples

Example 16. Iterate with a for loop over a resultset
for (var i = 0; i < resultRows.length; i++) {
    var row = resultRows[i];
    // read fields
    var myValue = row.getValue("myFieldName");
}

RFC Interface

The RFC interface can only be used from within the RUN_JS custom check type, and only if being used in the context of an SAP system or instance. It is used to call RFC-enabled function modules and to get table or export data after they have been executed.

The sap object is usually only required if a loop over clients of an ABAP system shall be implemented. If the function is client-independent or shall only run in the logon client of the RFC user, you can simply start by using rfcConnection.

Object

Method

Arguments

Function

Example

sap

clients()

Return list of clients of SAP system

sap.clients()

rfcConnection

getFunction()

Function name

Get an RFC function handle

var funct = rfcConnection.getFunction("THE_FUNCTION");

rfcConnection

getDestination()

Get JCoDestination object. This object provides full access to the underlying JCo destination.

var dest = rfcConnection.getDestination();

funct

setImportParameter()

Import parameter name and value

Set an import parameter name and value for this function before execution

funct.setImportParameter("THE_NAME","THE_VALUE")

funct

execute()

Execute the function

funct.execute()

funct

getTable()

Table Name

Get a handle to work with a table returned by the RFC function module

var table = funct.getTable("THE_TABLE");

funct

getExportParameter()

Export parameter name

Get an export parameter of this function after execution

var numOfEntries = funct.getExportParameter("NUMBER_OF_ENTRIES");

funct

getExportStructure()

Export structure name

Get an export structure of this function after execution. The type of the returned object is JCoStructure

isLocked = funct.getExportStructure("ISLOCKED");

table

hasNext()

Use in a loop to determine if all table records are read

while (table.hasNext()) {
  var entry = table.next();
}

table

next()

Read next table entry

var entry = table.next();

entry

getString()

Name of field

Get the value of the corresponding field of the row

The following examples can also be downloaded from the solution document RUN_JS Custom Check Examples.

Example 17. Call an RFC function to count the number of work processes

This example simply calls RFC function module TH_WPINFO, evaluates the number of work processes, and displays them in a table. It as well uses custom monitoring parameters and custom performance data.

var func = rfcConnection.getFunction("TH_WPINFO");

// execute the function
func.execute();

// read WPLIST table
var table = func.getTable("WPLIST");

// prepare result table
check.addTableColumn("WP_INDEX");
check.addTableColumn("WP_PID");
check.addTableColumn("WP_ITYPE");
check.addTableColumn("WP_TYP");

var cnt = 0;
while (table.hasNext()) {
  var entry = table.next();

  cnt++;

  check.newRow();
  check.addCell(entry.getString("WP_INDEX"));
  check.addCell(entry.getString("WP_PID"));
  check.addCell(entry.getString("WP_ITYPE"));
  check.addCell(entry.getString("WP_TYP"));
}

// make sure that custom monitoring parameter type cust.WorkProcessesWarnCount
// is created with a default value
var wpcc = Number(monitoredSystem.getMoniParam("cust.WorkProcessesWarnCount"));

if (wpcc && cnt >= wpcc) {
  check.status = WARNING;
  check.message = cnt + " work processes found (more than limit of " + wpcc + ")";
}
else {
  check.status = OK;
  check.message = cnt + " work processes found";
}

// make sure custom performance counter Work Processes is created
performance.writePerformanceValue("Work Processes", cnt);
Example 18. Loop over clients and check if ABAP user SAP* user is intentionally locked

This example supplements the built-in security-related check by another common use case: to check if the ABAP user SAP* is locked in all clients. Please note that for this example to work, the Avantra RFC user needs to be defined in all clients with the same user and password as the one specified in the SAP system properties (see Avantra RFC User Setup). It also uses JavaScript functions.

var userCnt = 0;
var clientCnt = 0;

// setup table
check.addTableColumn("User");
check.addTableColumn("Client");
check.addTableColumn("Groups");
check.addTableColumn("Wrong Logons");
check.addTableColumn("Locally Locked");
check.addTableColumn("Globally Locked");
check.addTableColumn("No User or Password");

var errors = "";

// "sap" is the central object. It is hosted by the Avantra Agent and simply available in JavaScript.
// sap.clients = returns an array of clients of this SAP system

var clients = sap.clients;  // for example clients: 000,001,066,100
for (var i = 0; i < clients.length; i++) {
  var client = clients[i];

  try {
    // sap.login() does a login to the client given in the Avantra properties of the SAP system
    //             and uses the defined username and password
    // sap.login(client) uses the defined username and password for a given client
    var connection = sap.login(client);

    userComplianceForClient(connection, client,"SAP*");
    clientCnt++;
  }
  catch (e) {
    e.printStackTrace();
    errors += e + ";";
  }
}

// write result status and message
check.status = OK;
var msg = userCnt + " user(s) in " + clientCnt +" client(s) tested.";
if (errors !== "") {
  msg +=  "\n" + errors;
  check.status = CRITICAL;
}
else {
  msg += "\n" + "All users are locked."
}

check.message = msg;

function userComplianceForClient(connection, client, username){
  var func = connection.getFunction("BAPI_USER_GET_DETAIL");

  func.setImportParameter("USERNAME", username);

  // execute the function
  func.execute();

  // read Groups table – this is just for demo and display purposes
  var groupsTab = func.getTable("GROUPS");

  check.newRow();
  check.addCell(username);
  check.addCell(client);

  // groups
  var str = "";
  if (groupsTab.hasNext()) {
    str += group.getString("USERGROUP");
    while(groupsTab.hasNext()){
      var group = groupsTab.next();
      str += ", " + group.getString("USERGROUP");
    }
  }
  check.addCell(str);

  var isLockedExp = func.getExportStructure("ISLOCKED");
  var isLocked = 0;

  check.addCell(lockedCode2HumanReading(isLockedExp, "WRNG_LOGON"));

  var ils = lockedCode2HumanReading(isLockedExp, "LOCAL_LOCK");
  if (ils === 'Locked') {
    // user is locked, mark this field as OK
    check.addCell(ils, OK);
    isLocked ++;
  }
  else {
    // user is not  locked, mark this field as CRITICAL
    check.addCell(ils, CRITICAL);
  }

  ils = lockedCode2HumanReading(isLockedExp, "GLOB_LOCK");
  if (ils === 'Locked') {
      check.addCell(ils, OK);
      isLocked ++;
  }
  else {
    if (isLocked === 0) {
      // if not yet locked, mark this field CRITICAL as well
      check.addCell(ils, CRITICAL);
    }
    else {
      // if already locked locally, mark this one as neutral
      check.addCell(ils);
    }
  }

  check.addCell(lockedCode2HumanReading(isLockedExp, "NO_USER_PW"));

  if (isLocked === 0) {
      errors += "User " + username + " is not intentionally locked in client " + client + ".\n";
  }

  userCnt++;
}

function lockedCode2HumanReading(rfcExport, field) {
  var ils = rfcExport.getString(field);

  switch (ils) {
    case "L":
        ils = "Locked";
        break;
    case "U":
        ils = "Unlocked";
        break;
    case "":
        ils = "User does not exist";
        break;
    default:
  }

  return ils;
}

SAPJAVA Interface

The SAPJAVA interface can only be used from within the RUN_JS custom check type, and only if being used in the context of an SAP Java system or instance. It is used to access the configuration settings of an SAP Java system.

Object

Method

Arguments

Function

Example

sapjava

getSystemProperties()

Get the system properties

var properties = sapjava.getSystemProperties();

sapjava

getClusterNodeInfos()

Get the cluster node infos

var clusterNodes = sapjava.getClusterNodeInfos();
var iter = clusterNodes.keySet().iterator();
while(iter.hasNext()){
    var key = iter.next();
    var node = clusterNodes.get(key);
    message +=  key + ":" + node.name + "," + node.displayName + "," + node.groupId + "," + node.host + "," + node.hostName + "," + node.id + "," + node.nodeState + "," + node.type + "\n";
}

sapjava

getProviderGroupClusterNodeInfos()

Get the provider cluster node infos

see getClusterNodeInfos() above

sapjava

getProviderNodeInfo()

Get the provider node info

var providerNode = sapjava.getProviderNodeInfo();

Cloud Service

The Cloud Service can only be used from within the RUN_JS custom check type.

The objects ( requestBuilder, requestFormBodyBuilder, requestMultiFormBodyBuilder, requestBodyBuilder) described below are designed to be used for one http call. If you want to execute more than one http calls within a script, use the httpUtil object described below to create new requestBuilder objects. The request builder objects created with httpUtil provide the same functions as the pre-defined objects.

Object

Method

Arguments

Function

Example

http

newCall()

Request

Make a HTTP call.

var response = http.newCall(request).execute();

requestBuilder

url()

URL

Configure request url.

requestBuilder.url("https://jsonplaceholder.typicode.com/users");

requestBuilder

get()

Configure a get request.

requestBuilder.get();

requestBuilder

post()

Http body

Configure a post request with body.

requestBuilder.post("Hello World.");

requestBuilder

put()

Http body

Configure a put request with body.

requestBuilder.put("Hello World.");

requestBuilder

delete()

Http body

Configure a delete request.

requestBuilder.delete("Hello World.");

requestBuilder

addHeader()

Add an HTTP header to the request.

var request = requestBuilder
  .url(baseUrl)
  .addHeader("Accept", "application/vnd.github.v3+json")
  .get()
  .build();

requestBuilder

build()

Generate request.

var request = requestBuilder
  .url("https://jsonplaceholder.typicode.com/users")
  .get()
  .build();

requestBodyBuilder

mediaType()

Media type

Configure the media type for a request body.

requestBodyBuilder.mediaType("application/json; charset=utf-8");

requestBodyBuilder

body()

Body content as String

Add content to request body.

requestBodyBuilder.body(JSON.stringify(bodyContent));

requestBodyBuilder

build()

Generate request body.

requestBodyBuilder.build();

requestFormBodyBuilder

add()

Name of form element and content

Add form element to request body.

requestFormBodyBuilder.add("search", "test");

requestFormBodyBuilder

build()

Generate a form request body.

requestFormBodyBuilder.build();

requestMultiFormBodyBuilder

addFormDataPart()

Name of form element and content

Add form element to multi form request body.

requestMultiFormBodyBuilder.addFormDataPart("search", "test");

requestFormBodyBuilder

build()

Generate a multi-form request body.

requestMultiFormBodyBuilder.build();

baseUrl

Base Url which can be specified in the Cloud Service Configuration.

var value = baseUrl;

httpUtil

createRequestBuilder()

Generate a new request builder. The new requestBuilder has the same functions as the requestBuilder described above. Use this function when you want to execute more than one http call within one script.

var requestBuilder2 = httpUtil.createRequestBuilder();

httpUtil

createRequestFormBodyBuilder()

Generate a new request form body builder. The new requestFormBodyBuilder has the same functions as the requestFormBodyBuilder described above. Use this function when you want to execute more than one http call within one script.

var requestFormBodyBuilder2 = httpUtil.createRequestFormBodyBuilder();

httpUtil

createRequestMultiFormBodyBuilder()

Generate a new request multi form body builder. The new requestMultiFormBodyBuilder has the same functions as the requestMultiFormBodyBuilder described above. Use this function when you want to execute more than one http call within one script.

var requestMultiFormBodyBuilder2 = httpUtil.createRequestMultiFormBodyBuilder();

httpUtil

createRequestBodyBuilder()

Generate a new request body builder. The new requestBodyBuilder has the same functions as the requestBodyBuilder described above. Use this function when you want to execute more than one http call within one script.

var requestBodyBuilder2 = httpUtil.createRequestBodyBuilder();

httpUtil

httpClientBuilder()

Generates a new Client Builder. This can be used to create your own client. For example, you can use your own proxy.

var httpClientBuilder = httpUtil.httpClientBuilder();

httpUtil

proxyBuilder()

Generates a new Proxy Builder. With this, you can configure and use your own proxy.

var proxyBuilder = httpUtil.proxyBuilder();

Duration

Duration

Duration.static.ofSeconds(40);
Duration.static.ofMinutes(2);
Duration.static.ofMillis(500);
Example 19. Example: Make a HTTP Get Call

Make a HTTP Get Call and extract JSON from response.

var request = requestBuilder.url(baseUrl).get().build();

var response = http.newCall(request).execute();
if (response.isSuccessful()) {
  var json = JSON.parse(response.body().string());

  check.message = response.code();
} else {
  check.message = response.code();
}
Example 20. Add a special HTTP header to request
var request = requestBuilder.url(baseUrl)
  .addHeader("Accept", "application/vnd.github.v3+json")
  .get()
  .build();

var response = http.newCall(request)
  .execute();
if (response.isSuccessful()) {
  var json = JSON.parse(response.body().string());
  check.message = response.code();
} else {
  check.message = response.code();
}
Example 21. Make a HTTP Post request with a json body.
var bodyContent = {
  title: 'foo',
  body: 'bar',
  userId: 1
};

var body = requestBodyBuilder.mediaType("application/json; charset=utf-8")
  .body(JSON.stringify(bodyContent)).build();


var request = requestBuilder.url("https://jsonplaceholder.typicode.com/posts")
  .post(body).build();

var response = http.newCall(request).execute();
if (response.isSuccessful()) {
  check.status = "OK";
  print(response.code());
} else {
  print(response.body().string());
}
Example 22. Make a HTTP Post request with a form body.
var body = requestFormBodyBuilder.add("search", "test").build();

var request = requestBuilder.url("https://postman-echo.com/post")
  .post(body).build();

var response = http.newCall(request).execute();
if (response.isSuccessful()) {
  check.status = "OK";
  print(response.code());
} else {
  print(response.body().string());
  //check.message = response.code();
}
Example 23. Make a HTTP Post request with a multipart body.
var body = requestMultiFormBodyBuilder.addFormDataPart("search", "test")
  .build();

var request = requestBuilder.url("https://postman-echo.com/post")
  .post(body)
  .build();

var response = http.newCall(request).execute();
if (response.isSuccessful()) {
  check.status = "OK";
  print(response.code());
} else {
  print(response.body().string());
  //check.message = response.code();
}
Example 24. Make a own HTTP Client and use own Proxy.
var body = requestMultiFormBodyBuilder.addFormDataPart("search", "test")
  .build();

var request = requestBuilder.url("https://postman-echo.com/post")
  .post(body)
  .build();

var proxy = httpUtil.proxyBuilder().host("localhost").port(8080).build();

var httpClient = httpUtil.httpClientBuilder().proxy(proxy).build();


var response = httpClient.newCall(request).execute();
if (response.isSuccessful()) {
  check.status = "OK";
  print(response.code());
} else {
  print(response.body().string());
  //check.message = response.code();
}
Example 25. Make an own HTTP Client and use own Timeouts.
var body = requestMultiFormBodyBuilder.addFormDataPart("search", "test")
  .build();

var request = requestBuilder.url("https://postman-echo.com/post")
  .post(body)
  .build();

var httpClient = httpUtil.httpClientBuilder()
                    .connectTimeout(Duration.static.ofSeconds(40))
                    .callTimeout(Duration.static.ofSeconds(40)).build();


var response = httpClient.newCall(request).execute();
if (response.isSuccessful()) {
  check.status = "OK";
  print(response.code());
} else {
  print(response.body().string());
  //check.message = response.code();
}