One or more embodiments of the present invention relate to a network-based SAP monitoring system, and more particularly, to an SAP monitoring system and method, in which identification for all three types of SAP application protocols is processed in a single system.
SAP, which is Enterprise resource planning (ERP) solution most widely used in the world, has a client-server structure. Through continuous updates up to now, SAP supports application protocols for three types of client-server communication. Application protocol used for communication between an SAP graphical user interface (GUI), which is a most basic SAP client application program, and a server supports hypertext transfer protocol (HTTP)-based data communication through a TCP/IP-based dynamic information and action gateway (DIAG) protocol developed while being optimized for a data transaction structure with a unit SAP GUI screen, a web-based SAP GUI service, and an SAP GUI for JAVA/HTML module considering extensibility of application development. In this case, a data payload structure transmitted and received is identical to a data payload structure of a DIAG application protocol. In addition, data communication through remote function call (RFC) application protocol is also supported. A data payload structure used in the RFC application protocol differs from that of the DIAG application protocol. FIGS. 1 and 2 are configuration views illustrating a payload of a DIAG data packet and a payload of an RFC data packet analyzed and reconfigured by reverse engineering, respectively.
As described above, SAP (herein, SAP is the name of a solution, made of initials of system, application, and products in the data processing and the number of a vendor manufacturing the solution) supports data communication through HTTP and RFC in addition to DIAG application protocols, which is necessary to be network-based monitored. In addition, due to the nature of SAP, applications with respect to managerial resources of an enterprise, that is, inventory control, purchasing control, production management, sales management, personnel management, financial management, managerial accountings, etc. are combined with one another in an integrated database in real time. In a regard of accessing sensitive information necessary for being restricted in enterprises, it is very necessary to regularly monitor inquiries and accesses unauthorized internal sources and information. Traffics occurring on network caused by a large amount of data transactions occurring while using managerial resources in various fields, in case of enterprises or companies employing several hundreds or thousands of staffs, reach a degree of from several tens to several hundreds Mbps or several Gbps.