The support utilities for SAP Gateway include Performance Trace and Payload Trace tools:

    • Performance Trace - enables you to monitor system performance at service call level. The performance of both the SAP Business Suite backend system and the SAP Gateway hub system can be traced.

    • Payload Trace - enables you to monitor the flow of data sent as part of service requests and responses. The tool is particularly helpful if you want to check the exact content of HTTP header and body data sent and received.


Before you can use these tools, you need to make general configuration settings and activate the tools as required.

Log levels

Available Levels

Due to SAP security standards, there are two levels available for the error log:

  • Secure Level
    This is the default level. This level is necessary to do a first problem analysis and has the following properties:
    • Errors returned by the provider application are not logged at all.
    • In case of technical problems, one or more error log entries might be written, but they do not contain any information about the service name or the HTTP request or response payload.
  • Full Level
    No limitation. This level is necessary to analyze an application error or to do further analysis of technical problems if information about the currently used service request is needed.

Authorization Object

Using transaction SICF with the assigned authorization object S_ADMI_FCD with parameter PADM, you can activate, deactivate and display HTTP traces containing the whole request and response payload.

This authorization is therefore needed to configure the log level and display sensitive details of error log entries.

How to Configure the Error Log Level

  1. Run transaction /IWFND/ERROR_LOG or /IWBEP/ERROR_LOG
  2. Choose Error Log -> Global Configuration.
    A pop-up will appear for changing the log level.

This setting is effective for all users of the current SAP client and is valid until the next change.

Even if secure level is configured for the current client, you can change the log level for a specific user to do further error analysis, as follows:

  1. Run transaction /IWFND/TRACES or /IWBEP/TRACES
  2. Choose Add user (IWFND or IWBEP) or Request URI Prefix (IWFND only)
  3. Enter the user name (IWFND or IWBEP) or Request URI prefix (IWFND only)
  4. Change the log level from secure to full.
    This user setting is valid for 2 hours.

If the log level for the current client is already set to full, any level change for a specific user does not make sense and will not be supported.

Display Error Log Entries

  • If a log entry was written with secure level, sensitive data will be shown as ***Hide_due_to_secure_log_level***.
  • If a log entry was written with full level but authorization object S_ADMI_FCD with parameter PADM is not assigned to the current user, sensitive data will be shown as ***No_authority_to_see_detail***.

Replay Functionality

Replaying a service request requires the whole request payload. A replay is therefore only available for log entries written with log level full. Moreover, authorization object S_ADMI_FCD with parameter PADM must be assigned to the current user to replay a service request from within the error log.

Functionalities Not Available Due to Secure Log Level

Some functionalities, such as replaying a request, navigating to transaction /IWFND/MAINT_SERVICE, or displaying the current service implementation in the backend system, require either the whole request payload or information about the service namespace and service name. With secure error log level, this data is not saved in the error log entries. Therefore, if you want to use these functionalities, you have to reproduce the errors to get new error log entries with all the necessary information.
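
The log level, display and replay rules above can be read as two separate decisions: what is stored when an entry is written, and what a given user sees later. The following Python model is an added example, not SAP code; the function and field names are hypothetical, and it assumes the user setting lapses exactly 2 hours after it was made.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

OVERRIDE_TTL = timedelta(hours=2)  # page: the user setting is valid for 2 hours
HIDDEN = "***Hide_due_to_secure_log_level***"
NO_AUTH = "***No_authority_to_see_detail***"

@dataclass
class LogEntry:
    level: str              # "secure" or "full", fixed when the entry is written
    payload: Optional[str]  # never stored for secure-level entries

def effective_level(client_level: str, override_set_at: Optional[datetime],
                    now: datetime) -> str:
    """Level applied when an entry is written for a given user."""
    if client_level == "full":
        return "full"  # a user-specific change is not supported in this case
    # Assumption: the override covers [set_at, set_at + 2h).
    if override_set_at is not None and \
            timedelta(0) <= now - override_set_at < OVERRIDE_TTL:
        return "full"
    return "secure"

def write_entry(payload: str, client_level: str,
                override_set_at: Optional[datetime], now: datetime) -> LogEntry:
    level = effective_level(client_level, override_set_at, now)
    # Secure level: the payload is dropped at write time, not merely masked.
    return LogEntry(level, payload if level == "full" else None)

def display(entry: LogEntry, viewer_has_padm: bool) -> str:
    """viewer_has_padm: viewer holds S_ADMI_FCD with parameter PADM."""
    if entry.level == "secure":
        return HIDDEN   # no authorization can recover this
    if not viewer_has_padm:
        return NO_AUTH  # data exists, viewer may not see it
    return entry.payload

def can_replay(entry: LogEntry, viewer_has_padm: bool) -> bool:
    return entry.level == "full" and viewer_has_padm
```

The model makes the asymmetry visible: granting PADM later reveals full-level entries, but an entry written at secure level stays hidden for every viewer, which is why the error has to be reproduced.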
