Merge pull request #216699 from MSFTandrelom/andrelom-update

updating folder references and changing wording

Author: prmerger-automator[bot]

articles/sentinel/sap/deployment-solution-configuration.md

@@ -97,21 +97,22 @@ By default, all analytics rules provided in the Microsoft Sentinel Solution for
 7. Function module tested
 8. The SAP audit log monitoring analytics rules
 
-## Reduce the amount of SAP log ingestion
+## Enabling and disabling the ingestion of specific SAP logs 
 
-To reduce the number of logs ingested into the Microsoft Sentinel workspace, you can stop ingestion for a specific log. To do this, edit the *systemconfig.ini* file, and for the relevant log, change the `True` value to `False`.
+It is possible to enable and disable the ingestion of a specific log. To do this, edit the *systemconfig.ini* file located under /opt/sapcon/SID/ directory on the connector Virtual Machine.
+Inside the configuration file you can pick a relevant log,  change the value to `True` to enable the log or to `False` to disable the log.
 
-For example, to stop the `ABAPJobLog`, change its value to `False`:
+For example, to stop ingesting the `ABAPJobLog`, change its value to `False`:
 
 ```
 ABAPJobLog = False
 ```
-
-You can also [stop the user master data tables](sap-solution-deploy-alternate.md#configuring-user-master-data-collection). 
+The list of available logs can be found in the [systemconfig.ini reference](reference-systemconfig.md#logs-activation-status-section).
+It is also possible to [stop ingesting the user master data tables](sap-solution-deploy-alternate.md#configuring-user-master-data-collection). 
 
 > [!NOTE]
 >
-> Once you stop one of the logs, the workbooks and analytics queries that use that log may not work.
+> Once you stop one of the logs or tables, the workbooks and analytics queries that use that log may not work.
 > [Understand which log each workbook uses](sap-solution-security-content.md#built-in-workbooks) and [understand which log each analytic rule uses](sap-solution-security-content.md#built-in-analytics-rules).
 
 ## Stop log ingestion and disable the connector

articles/sentinel/sap/sap-deploy-troubleshoot.md

@@ -38,7 +38,7 @@ docker logs -f sapcon-[SID]
 
 **Enable debug mode printing**:
 
-1. On your VM, edit the **sapcon/[SID]/systemconfig.ini** file.
+1. On your VM, edit the **/opt/sapcon/[SID]/systemconfig.ini** file.
 
 1. Define the **General** section if it wasn't previously defined. In this section, define `logging_debug = True`.
 
@@ -55,7 +55,7 @@ The change takes effect two minutes after you save the file. You don't need to r
 
 **Disable debug mode printing**:
 
-1. On your VM, edit the **sapcon/[SID]/systemconfig.ini** file.
+1. On your VM, edit the **/opt/sapcon/[SID]/systemconfig.ini** file.
 
 1. In the **General** section, define `logging_debug = False`.
 
@@ -70,54 +70,9 @@ The change takes effect two minutes after you save the file. You don't need to r
 
 The change takes effect two minutes after you save the file. You don't need to restart the Docker container.
 
-## View all Docker execution logs
+## View all container execution logs
 
-To view all Docker execution logs for your Microsoft Sentinel Solution for SAP data connector deployment, run one of the following commands:
-
-```bash
-docker exec -it sapcon-[SID] bash && cd /sapcon-app/sapcon/logs
-```
-
-or
-
-```bash
-docker exec –it sapcon-[SID] cat /sapcon-app/sapcon/logs/[FILE_LOGNAME]
-```
-
-Output similar to the following should be displayed:
-
-```bash
-Logs directory:
-root@644c46cd82a9:/sapcon-app# ls sapcon/logs/ -l
-total 508
--rwxr-xr-x 1 root root      0 Mar 12 09:22 ' __init__.py'
--rw-r--r-- 1 root root    282 Mar 12 16:01  ABAPAppLog.log
--rw-r--r-- 1 root root   1056 Mar 12 16:01  ABAPAuditLog.log
--rw-r--r-- 1 root root    465 Mar 12 16:01  ABAPCRLog.log
--rw-r--r-- 1 root root    515 Mar 12 16:01  ABAPChangeDocsLog.log
--rw-r--r-- 1 root root    282 Mar 12 16:01  ABAPJobLog.log
--rw-r--r-- 1 root root    480 Mar 12 16:01  ABAPSpoolLog.log
--rw-r--r-- 1 root root    525 Mar 12 16:01  ABAPSpoolOutputLog.log
--rw-r--r-- 1 root root      0 Mar 12 15:51  ABAPTableDataLog.log
--rw-r--r-- 1 root root    495 Mar 12 16:01  ABAPWorkflowLog.log
--rw-r--r-- 1 root root 465311 Mar 14 06:54  API.log # view this log to see submits of data into Microsoft Sentinel
--rw-r--r-- 1 root root      0 Mar 12 15:51  LogsDeltaManager.log
--rw-r--r-- 1 root root      0 Mar 12 15:51  PersistenceManager.log
--rw-r--r-- 1 root root   4830 Mar 12 16:01  RFC.log
--rw-r--r-- 1 root root   5595 Mar 12 16:03  SystemAdmin.log
-```
-
-To copy your logs to the host operating system, run:
-
-```bash
-docker cp sapcon-[SID]:/sapcon-app/sapcon/logs /directory
-```
-
-For example:
-
-```bash
-docker cp sapcon-A4H:/sapcon-app/sapcon/logs /tmp/sapcon-logs-extract
-```
+Connector execution logs for your Microsoft Sentinel Solution for SAP data connector deployment are stored in **/opt/sapcon/[SID]/log**. Log filename is **OmniLog.log**. A history of logfiles is kept, suffixed with *.<number>* such as **OmniLog.log.1**, **OmniLog.log.2** etc
 
 ## Review and update the Microsoft Sentinel for SAP data connector configuration
 
@@ -139,7 +94,7 @@ The following steps reset the connector and reingest SAP logs from the last 30 m
     docker stop sapcon-[SID]
     ```
 
-1.	Delete the **metadata.db** file from the **sapcon/[SID]** directory. Run:
+1.	Delete the **metadata.db** file from the **/opt/sapcon/[SID]** directory. Run:
 
     ```bash
     cd /opt/sapcon/<SID>
@@ -182,7 +137,7 @@ Docker cp SDK by running docker cp nwrfc750P_8-70002752.zip /sapcon-app/inst/
 
 If ABAP runtime errors appear on large systems, try setting a smaller chunk size:
 
-1. Edit the **sapcon/[SID]/systemconfig.ini** file and in the **Connector Configuration** section define `timechunk = 5`.
+1. Edit the **/opt/sapcon/[SID]/systemconfig.ini** file and in the **Connector Configuration** section define `timechunk = 5`.
 
     For example:
 
@@ -286,7 +241,7 @@ If you attempt to retrieve an audit log, without the [required change request](p
 
 While your system should automatically switch to compatibility mode if needed, you may need to switch it manually. To switch to compatibility mode manually:
 
-1. Edit the **sapcon/[SID]/systemconfig.ini** file
+1. Edit the **/opt/sapcon/[SID]/systemconfig.ini** file
 
 1. In the **Connector Configuration** section defineefine: `auditlogforcexal = True`
 
@@ -335,10 +290,10 @@ To check for misconfigurations, run the **RSDBTIME** report in transaction **SE3
     docker stop sapcon-[SID]
     ```
 
-1.	Delete the **metadata.db** file from the **sapcon/[SID]** directory. Run:
+1.	Delete the **metadata.db** file from the **/opt/sapcon/[SID]** directory. Run:
 
     ```bash
-    rm ~/sapcon/[SID]/metadata.db
+    rm /opt/sapcon/[SID]/metadata.db
     ```
 
 1. Update the SAP system and the SAP host operating system to have matching settings, such as the same time zone. For more information, see the [SAP Community Wiki](https://wiki.scn.sap.com/wiki/display/Basis/Time+zone+settings%2C+SAP+vs.+OS+level).