Merge pull request #206212 from tamirkopitz/kopitz/sentinel4sap/remove_docker_container_restart

Update troubleshoot guide

Author: denrea

articles/sentinel/sap/sap-deploy-troubleshoot.md

@@ -39,29 +39,41 @@ Run:
 docker logs -f sapcon-[SID]
 ```
 
-## Enable debug mode printing
+## Enable/disable debug mode printing
 
-**To enable debug mode printing**:
+**Enable debug mode printing**:
 
-1. Copy the following file to your **sapcon/[SID]** directory, and then rename it as `loggingconfig.yaml`: https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/template/loggingconfig_DEV.yaml
+1. On your VM, edit the **sapcon/[SID]/systemconfig.ini** file.
 
-1. [Reset the SAP data connector](#reset-the-sap-data-connector).
+1. Define the **General** section if it wasn't previously defined. In this section, define `logging_debug = True`.
 
-For example, for SID `A4H`:
+    For example:
 
-```bash
-wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/template/loggingconfig_DEV.yaml
-              cp loggingconfig.yaml ~/sapcon/A4H
-              docker restart sapcon-A4H
-```
+    ```Python
+    [General]
+    logging_debug = True
+    ```
 
-**To disable debug mode printing again, run**:
+1. Save the file.
 
-```bash
-mv loggingconfig.yaml loggingconfig.old
-ls
-docker restart sapcon-[SID]
-```
+The change takes effect two minutes after you save the file. You don't need to restart the Docker container.
+
+**Disable debug mode printing**:
+
+1. On your VM, edit the **sapcon/[SID]/systemconfig.ini** file.
+
+1. In the **General** section, define `logging_debug = False`.
+
+    For example:
+
+    ```Python
+    [General]
+    logging_debug = False
+    ```
+
+1. Save the file.
+
+The change takes effect two minutes after you save the file. You don't need to restart the Docker container.
 
 ## View all Docker execution logs
 
@@ -116,16 +128,15 @@ docker cp sapcon-A4H:/sapcon-app/sapcon/logs /tmp/sapcon-logs-extract
 
 If you want to check the SAP data connector configuration file and make manual updates, perform the following steps:
 
-1. On your VM, in the user's home directory, open the **~/sapcon/[SID]/systemconfig.ini** file.
-1. Update the configuration if needed, and then restart the container:
+1. On your VM, open the **sapcon/[SID]/systemconfig.ini** file.
 
-    ```bash
-    docker restart sapcon-[SID]
-    ```
+1. Update the configuration if needed, and save the file.
+
+The change takes effect two minutes after you save the file. You don't need to restart the Docker container.
 
 ## Reset the SAP data connector
 
-The following steps reset the connector and reingest SAP logs from the last 24 hours.
+The following steps reset the connector and reingest SAP logs from the last 30 minutes.
 
 1.	Stop the connector. Run:
 
@@ -177,8 +188,18 @@ Docker cp SDK by running docker cp nwrfc750P_8-70002752.zip /sapcon-app/inst/
 
 If ABAP runtime errors appear on large systems, try setting a smaller chunk size:
 
-1. Edit the **sapcon/SID/systemconfig.ini** file and define `timechunk = 5`.
-2. [Reset the SAP data connector](#reset-the-sap-data-connector).
+1. Edit the **sapcon/[SID]/systemconfig.ini** file and in the **Connector Configuration** section define `timechunk = 5`.
+
+    For example:
+
+    ```Python
+    [Connector Configuration]
+    timechunk = 5
+    ```
+
+1. save the file.
+
+The change takes effect two minutes after you save the file. You don't need to restart the Docker container.
 
 > [!NOTE]
 > The **timechunk** size is defined in minutes.
@@ -222,7 +243,7 @@ docker restart sapcon-[SID]
 
 ### Missing ABAP (SAP user) permissions
 
-If you get an error message similar to: **..Missing Backend RFC Authorization..**, your SAP authorizations and role were not applied properly.
+If you get an error message similar to: **..Missing Backend RFC Authorization..**, your SAP authorizations and role weren't applied properly.
 
 1. Ensure that the **MSFTSEN/SENTINEL_CONNECTOR** role was imported as part of a [change request](prerequisites-for-deploying-sap-continuous-threat-monitoring.md) transport, and applied to the connector user.
 
@@ -271,14 +292,20 @@ If you attempt to retrieve an audit log, without the [required change request](p
 
 While your system should automatically switch to compatibility mode if needed, you may need to switch it manually. To switch to compatibility mode manually:
 
-1. In the **sapcon/SID** directory, edit the **systemconfig.ini** file
+1. Edit the **sapcon/[SID]/systemconfig.ini** file
 
-1. Define: `auditlogforcexal = True`
+1. In the **Connector Configuration** section defineefine: `auditlogforcexal = True`
 
-1. Restart the Docker container:
+    For example:
 
-    ```bash
-    docker restart sapcon-[SID]
+    ```Python
+    [Connector Configuration]
+    auditlogforcexal = True
+    ```
+
+1. save the file.
+
+The change takes effect two minutes after you save the file. You don't need to restart the Docker container.r restart sapcon-[SID]
     ```
 
 ### SAPCONTROL or JAVA subsystems unable to connect
@@ -302,7 +329,7 @@ If you're not able to import the [required SAP log change requests](prerequisite
 
 ### Audit log data not ingested past initial load
 
-If the SAP audit log data, visible in either the **RSAU_READ_LOAD** or **SM200** transactions, is not ingested into Microsoft Sentinel past the initial load, you may have a misconfiguration of the SAP system and the SAP host operating system.
+If the SAP audit log data, visible in either the **RSAU_READ_LOAD** or **SM200** transactions, isn't ingested into Microsoft Sentinel past the initial load, you may have a misconfiguration of the SAP system and the SAP host operating system.
 
 - Initial loads are ingested after a fresh installation of the SAP data connector, or after the **metadata.db** file is deleted.
 - A sample misconfiguration might be when your SAP system timezone is set to **CET** in the **STZAC** transaction, but the SAP host operating system time zone is set to **UTC**.