Monitor the health and role of your SAP systems

After you deploy the SAP solution, you want to ensure proper functioning and performance of your SAP systems, and keep track of your system health, connectivity, and performance.

This article describes how to use the following features, which allow you to perform this monitoring from within Microsoft Sentinel:


Monitoring the health of your SAP systems is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Use the SAP data connector

  1. From the Microsoft Sentinel portal, select Data connectors.
  2. In the search bar, type Microsoft Sentinel for SAP.
  3. Select the Microsoft Sentinel for SAP connector and select Open connector.
  4. In the Configuration > System Health area, you can view information on the health of your SAP systems.

Screenshot of the Configuration area showing the status of the connected SAP systems.

Field Description Values Notes
Agent name Unique ID of the installed data connector agent.
SID The name of the connected SAP system ID (SID).
Health Indicates whether the SID is healthy. To troubleshoot health issues, review the container execution logs and review other troubleshooting steps. The System healthy status indicates that Microsoft Sentinel identified both logs and a heartbeat from the system. Other statuses, like System unreachable for over 1 day, indicate the connectivity status.
System role Indicates whether the system is productive or not. The data connector agent retrieves the value by reading the SAP T000 table. This value also impacts billing. To change the role, an SAP admin needs to change the configuration in the SAP system. Production. The system is defined by the SAP admin as a production system.
Unknown (Production). Microsoft Sentinel couldn't retrieve the system status. Microsoft Sentinel regards this type of system as a production system for both security and billing purposes.
Non production. Indicates roles like developing, testing, and customizing.
Agent update available. Displayed in addition to the health status to indicate that a newer SAP connector version exists. In this case, we recommended that you update the connector.
If the system role is Production (unknown), check the Microsoft Sentinel role definitions and permissions on the SAP system, and validate that the system allows Microsoft Sentinel to read the content of the T000 table. Next, consider updating the SAP connector to the latest version.

Use an alert rule template

The Microsoft Sentinel for SAP solution includes an alert rule template designed to give you insight into the health of your SAP agent's data collection.

To turn on the analytics rule:

  1. From the Microsoft Sentinel portal, select Analytics.
  2. Under Rule templates, locate the SAP - Data collection health check alert rule.

The analytics rule:

  • Evaluates signals sent from the agent.
  • Evaluates telemetry data.
  • Evaluates alerts on log continuation and other system connectivity issues, if any are found.
  • Learns the log ingestion history, and therefore works better with time.

The rule needs at least seven days of loading history to detect the different seasonality patterns. We recommend a value of 14 days for the alert rule Look back parameter to allow detection of weekly activity profiles.

Once activated, the rule judges the recent telemetry and log volume observed on the workspace according to the history learned. The rule then alerts on potential issues, dynamically assigning severities according to the scope of the problem.

This screenshot shows an example of an alert generated by the SAP - Data collection health check alert rule.

Screenshot of an alert triggered by the SAP - Data collection health check alert rule.

Next steps