
Dear Community Members,

I have the following issue. A customer is using SAP and we want to include the SM20 logs in our SecOps instance. The customer told us that the SM20 logs are encrypted or "not human readable". How did you ingest these logs into your instance, or do you have an idea how these logs can be ingested properly?

Thank you for your help!


  1. If the logs are available locally but encoded in binary, then Bindplane can decode them if they are encoded as utf-8/utf-16le/utf-16be/ascii/big5.

  2. If the logs are within a database that can be queried or exported, then we could use either Bindplane or file listeners in the Chronicle collector to collect them.

  3. If the logs are available within an API or are fed to a data lake, then we could use the ingestion API as long as the log rate is not too high and there is a tolerance for batch processing.
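A quick way to check whether a "not human readable" export is simply text in one of the encodings listed in point 1, before choosing a collector setting. This is an added example, not part of the reply above and not Bindplane code; the function names, the thresholds and the sample line are assumptions, and the returned values are Python codec names.

```python
import codecs
from typing import Optional

# Byte-order marks for the Unicode encodings named in the reply above.
BOMS = ((codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"))

def _decodes_as_text(sample: bytes, enc: str) -> bool:
    """Strict decode that tolerates a character cut off at the end of the sample."""
    try:
        decoder = codecs.getincrementaldecoder(enc)("strict")
        text = decoder.decode(sample, final=False)
    except UnicodeDecodeError:
        return False
    if not text:
        return False
    # Real binary data often decodes to control characters; require readable text.
    readable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return readable / len(text) >= 0.95

def sniff_encoding(sample: bytes) -> Optional[str]:
    """Best guess among ascii, utf-8, utf-16-le, utf-16-be, big5, or None."""
    for bom, enc in BOMS:
        if sample.startswith(bom):
            return enc
    half = len(sample) // 2
    if half:
        # Mostly-Latin text in UTF-16 has a NUL in every second byte.
        even_nul = sample[0::2].count(0) / half
        odd_nul = sample[1::2].count(0) / half
        if odd_nul > 0.6 and even_nul < 0.1 and _decodes_as_text(sample, "utf-16-le"):
            return "utf-16-le"
        if even_nul > 0.6 and odd_nul < 0.1 and _decodes_as_text(sample, "utf-16-be"):
            return "utf-16-be"
    # Narrowest encoding first, so plain ASCII is not reported as utf-8 or big5.
    for enc in ("ascii", "utf-8", "big5"):
        if _decodes_as_text(sample, enc):
            return enc
    return None  # not text in any listed encoding: likely compressed, encrypted or binary

# Constructed sample line, not a real SM20 record.
LINE = "2024-05-01 10:00:00 LOGON user=TEST result=ok\n"

if __name__ == "__main__":
    print(sniff_encoding(LINE.encode("utf-16-le")))
```

Run it on the first few kilobytes of the exported file; a `None` result means the file is not plain text in any of the listed encodings, so decoding at the collector will not make it readable.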


Thank you for the response!

I will check this with our customer and give you feedback 🙂


Hello,

I'm going through the same problem; I have an extract of SAP logs locally in a file and I would like to send them to SecOps. Does anybody have the Bindplane configuration to do this?

Thank you in advance for your help.
