
12/20/2019

SAP Host Agent


Generated on: 2019-12-20

PUBLIC

Original content: https://help.sap.com/viewer/141cbf7f183242b0ad0964a5195b24e7/118/en-US

Warning

This document has been generated from the SAP Help Portal and is an incomplete version of the official SAP product
documentation. The information included in custom documentation may not reflect the arrangement of topics in the SAP Help
Portal, and may be missing important aspects and/or correlations to other topics. For this reason, it is not for productive use.

For more information, please visit the https://help.sap.com/viewer/disclaimer.

https://help.sap.com/http.svc/dynamicpdfcontentpreview?deliverable_id=21890361&topics=48c6f9627a004da5e10000000a4… 1/36

SAP Host Agent


SAP Host Agent is an agent that can accomplish several life-cycle management tasks, such as operating system monitoring,
database monitoring, system instance control and provisioning.

Validity of this Documentation


This documentation is valid for SAP Host Agent 7.21 Patch Level (PL) 040 and higher.

Note
SAP Host Agent 7.20 was deprecated. For more information, see SAP Note 2130510.

For information about how to check the version of an existing SAP Host Agent installation, see SAP Host Agent Reference -
Command Line Options of the saphostexec Executable.

SAP Host Agent Usage


SAP Host Agent is installed automatically during the installation of new SAP system instances with SAP kernel 7.20 or higher. SAP
Host Agent is upgraded automatically as part of the SAP system instance, when you patch or upgrade the SAP kernel. However,
you can also install and upgrade SAP Host Agent independently from an SAP system instance.

Recommendation
It is strongly recommended that you regularly upgrade SAP Host Agent to its latest version. See also SAP Note 2219592.

Features
SAP Host Agent provides you with the following features:

SAP instance discovery and inventory

SAP instance control

Database monitoring and management

System or instance provisioning:

    Hosting the infrastructure of SAP Landscape Virtualization Management (LVM), formerly known as SAP NetWeaver
    Adaptive Computing Controller (ACC)

    Hosting software lifecycle (SL) tools interfaces

Operating system monitoring:

    Using saposcol

    Using Common Information Model (CIM) based infrastructures

IBM i-specific features:

    Dynamically adopted authorization for SAP kernel 7.20 and higher

    SAP ILE daemon (SAPILED)

    SAP Database Performance Collector for IBM i


Related Information
SAP Host Agent Change Log
Architectural Overview of SAP Host Agent
Downloading the SAPHOSTAGENT.SAR Archive
SAP Host Agent Installation
SAP Host Agent Upgrade
SAP Host Agent Configuration
Uninstalling SAP Host Agent
SAP Host Agent Reference

SAP Host Agent Change Log


Some features are only available as of a certain patch level (PL) version of the SAP Host Agent archive. SAP recommends that you
use the highest available PL version, even if you want to monitor a component of SAP NetWeaver with a lower release.

Feature: Command line option -archive
Available as of: SAP HOST AGENT 7.21 PL003
Description: With the -archive option you can use the saphostexec executable program of the existing SAP Host Agent
for the upgrade while providing the direct path to the SAPHOSTAGENT<PL-target version>.SAR archive. You then do not
need to manually extract the archive before. For more information, see Upgrading SAP Host Agent Without Extracting
the SAPHOSTAGENT Archive.

Feature: Verification of Digital Signature
Available as of: SAP HOST AGENT 7.20 PL201
Description: The production version of the SAP Host Agent is available as a digitally signed SAR archive. You can now
use the additional parameter -verify to verify the content of the SAP Host Agent archive against the SAP digital
signature during installation and upgrade.

Feature: Audit Logging
Available as of: SAP HOST AGENT 7.20 PL118
Description: SAP Host Agent provides the means to audit-log every operation the SAP Host Agent is performing. If you
want to use audit logging, you have to activate it. For more information, see Enabling Audit Logging.

Feature: sapcrypto library and command line tool sapgenpse already contained in the SAPHOSTAGENT<version>.SAR archive
Available as of: SAP HOST AGENT 7.20 PL62
Description: The sapcrypto library and the command line tool sapgenpse are already contained in the
SAPHOSTAGENT<version>.SAR archive. For more information, see SSL Configuration for the SAP Host Agent.

Feature: Automated upgrade
Available as of: SAP HOST AGENT 7.20 PL45
Description: SAP Host Agent is enabled to check for updates automatically and get upgraded if a version of the SAP Host
Agent executable is found that is higher than the existing one. For more information, see Automated Upgrade of SAP
Host Agent.

Related Information
SAP Host Agent

Architectural Overview of SAP Host Agent


SAP Host Agent provides a set of executables and services, which this section describes from an architectural point of
view.

The following graphics provide an overview of SAP Host Agent and its components:


Executables and Services


The executable directory of SAP Host Agent is in the following location:

UNIX /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

IBM i /usr/sap/hostctrl/exe and objects in library R3SAP400

SAP Host Agent has the following executable programs and services:

The SAPHostExec service
    saphostexec is a service or daemon that only runs under privileged user accounts such as root on UNIX or
    Local System under Windows.

    saphostexec hosts the life-cycle management processes of the SAP Host Agent itself, such as upgrade and
    installation.

The sapstartsrv service SAPHostControl
    SAPHostControl runs within SAP Host Agent under the sapadm user.

    SAPHostControl should not be confused with sapstartsrv which runs under the <sapsid>adm user in
    the SAP system instance with the instance profile.

    Note
    SAPHostControl contains the functionality of the previous CCMS agent SAPCCMSR, that is, the agent
    that monitors hosts.

The operating system collector saposcol
    saposcol is a stand-alone program that runs in the operating system background. It runs independently of
    SAP instances exactly once per monitored host. saposcol collects data about operating system resources,
    including:

        Usage of virtual and physical memory

        CPU utilization

        Utilization of physical disks and file systems

        Resource usage of running processes

    saposcol makes the data available using a segment of the shared memory for various applications and all
    SAP instances on a host.

The DB4STATS program and command (IBM i only)
    The DB4STATS program and command are partly contained in the R3SAP400 library. They provide the SAP
    Database Performance Collector for IBM i. You can find a detailed description of this collector in SAP Note
    1622665 and in the documentation attached to this SAP Note.

The SAP ILE daemon (IBM i only)
    The SAP ILE daemon is needed to update ILE components (objects in libraries) from the patch archive after
    installing a SAP kernel patch. You can find a detailed description of the SAP ILE daemon in SAP Note 1637588.

Note
The installed programs are started automatically when the host is booted.

Windows On Windows hosts, this is done by the services SAPHostControl and SAPHostExec.

UNIX On UNIX the automatic start is ensured by the startup script sapinit.

IBM i On IBM i, the programs are started by the auto-start job entry SAPINIT in subsystem QUSRWRK, which was created
during the installation.

Profile File
The profile parameters of SAP Host Agent are stored in the host_profile file. This file is located in the executable directory of
the SAP Host Agent (see Executables and Services above).

Working Directory
The working directory of SAP Host Agent is in the following location:

UNIX, IBM i /usr/sap/hostctrl/work

Windows %ProgramFiles%\SAP\hostctrl\work

The working directory contains, among other things, the following configuration files:

CSMCONF Start file for the agents that contains connection data for the central monitoring system

SAPCCMSR.INI Contains information about the extent to which plug-ins, log files, and SAPOSCOL information should be
considered; this file is read when the agent is started.

In an ABAP system, you can display all files in the working directory of SAP Host Agent in the central monitoring system. You can
use transaction RZ21 to do this. In the Topology group box, select one of the Agents for ... radio buttons. The Monitoring: Display
Technical Topology screen appears. Now select SAP Host Agent and then choose Working Directory of the Agent. The system
displays the files of the directory. To display the contents of a file, choose the file by double-clicking it.

Log Files
The following log files are created during runtime for SAP Host Agent. They are available in the working directory of SAP Host
Agent:

sapstartsrv_ccms.log This log file is for central monitoring. It is stored in subdirectory sapccmsr of the working directory.

sapstartsrv.log Contains the developer trace for sapstartsrv.

dev_saphostexec Contains the developer trace for saphostexec.

dev_sapdbctrl Contains the developer trace for sapdbctrl.

A log file is also created during runtime for SAP Host Agent with the name sapstartsrv_ccms.log, and log files are created
for RFC communication. The log files are stored in the sapccmsr subfolder of the working directory.

AL Files
For system instances, the AL* files (ALMTTREE, ALPERFHI, and ALALERTS) are in the working directory of the SAP Host
Agent. $DIR_LOGGING directory. These files contain the monitoring segment data.

Related Information
SAP Host Agent

Downloading the SAPHOSTAGENT.SAR Archive
The SAPHOSTAGENT<PL>.SAR archive contains all of the required elements for centrally monitoring any host. It is available for
all operating system platforms supported by SAP.

Context
It is automatically installed during the installation of SAP systems or instances with SAP kernel 7.20 or higher.

Procedure
1. Go to https://launchpad.support.sap.com/#/softwarecenter.

2. Log on with your SAP Support Portal ID.


3. In the navigation bar, choose Support Packages and Patches > By Category > SAP Technology Components > SAP HOST
AGENT > SAP HOST AGENT 7.21 > <operating system>.

4. Select the appropriate SAPHOSTAGENT<PL>.SAR archive from the Download tab.

Recommendation
Always select the highest Patch Level (PL) of the SAPHOSTAGENT<PL>.SAR archive, even if you want to monitor a
component of SAP NetWeaver with a lower release.

5. Make sure that the SAPCAR tool is available on the host where you want to install SAP Host Agent.

You need the SAPCAR tool in order to be able to decompress the SAPHOSTAGENT<PL>.SAR archive. For more
information about SAPCAR and how to get it, see SAP Note 212876.

SAP Host Agent Installation


In many cases SAP Host Agent is installed automatically. However, there are certain cases when you have to install it manually.

SAP Host Agent is installed automatically during the installation of all new SAP system instances or instances with SAP kernel 7.20
or higher.

Recommendation
In high availability (HA) environments, SAP recommends installing the SAP Host Agent locally on every cluster node (host),
because the installation procedure places the SAP Host Agent files into the SAP system-independent directory path
/usr/sap/hostctrl. Make sure that this path is a local file system on every host of a high availability environment.
Installing the SAP Host Agent into a clustered file system is not supported.

The following sections describe how you can install SAP Host Agent separately:

Installing SAP Host Agent from the Command Line

Installing SAP Host Agent Using Software Provisioning Manager

Related Information
SAP Host Agent

Installing SAP Host Agent from the Command Line
You can install SAP Host Agent from the command line by executing the saphostexec executable with option -install from
the extracted SAPHOSTAGENT<PL>.SAR archive.

Prerequisites
You have downloaded the SAPHOSTAGENT<PL>.SAR archive as described in Downloading the SAPHOSTAGENT.SAR
Archive

You have made sure that the following operating system-specific requirements are met:

Windows You have installed the specified Microsoft security patch in accordance with the instructions in SAP Note 1375494.

You also need to install the latest version of the Microsoft Runtime used by SAP as described in SAP Note 684106.

IBM i Option 33 of the operating system must be installed. Use menu GO LICPGM to check whether the option is installed
and install it if required.

IBM i The system startup program (specified in system value QSTRUPPGM) must contain the STRSBS command to start
subsystem QSYS/QUSRWRK. This is needed because SAPHOSTAGENT will be started as an auto-start job in subsystem
QSYS/QUSRWRK.

Procedure
1. Log on as a user with the required authorization:

Windows As a member of the local Administrators group

UNIX As a user with root authorization

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

If user profile R3GROUP does not exist on your server, it will be created during the installation of SAP Host Agent. If
you have already installed SAP systems on other servers, we recommend that you use the same group ID (GID) for all
sapsys and R3GROUP groups in the system landscape. To obtain the group ID (GID) for R3GROUP on another IBM i
server in your landscape, enter the command DSPUSRPRF USRPRF(R3GROUP) and scroll down until you see the
value for Group ID number.

Note
The default password for user SAPADM is “sapofr”.

But to be able to log on with user SAPADM, you must first change the profile using the following command:
CHGUSRPRF USRPRF(SAPADM) INLMNU(*LIBL/MAIN)

Having finished your work, you can reset the previous state with CHGUSRPRF USRPRF(SAPADM) INLMNU(*SIGNOFF).

If the password is no longer “sapofr”, you can set your own password with CHGUSRPRF USRPRF(SAPADM)
PASSWORD(<new_password>).

To be able to execute the CHGUSRPRF commands, you must be logged on as a user with QSECOFR authorizations.

2. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Download the SAPHOSTAGENT<PL>.SAR archive as described in Downloading the SAPHOSTAGENT.SAR Archive

4. Copy the downloaded SAPHOSTAGENT<PL> archive to a temporary directory, for example:

Windows c:\temp\hostagent

UNIX, IBM i /tmp/hostagent

5. Extract the SAPHOSTAGENT<PL>.SAR archive using SAPCAR.

Take SAP Note 212876 into account when doing so. Use the following command for extraction, and execute it in the
directory of the archive:

Windows <path to SAPCAR>\sapcar.exe -xvf <path to temporary directory>\SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF

UNIX /<path to SAPCAR>/sapcar -xvf <path to temporary directory>/SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF

IBM i /<path to SAPCAR>/SAPCAR -xvf <path to temporary directory>/SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF

Among others, the archive contains the saphostexec program.

6. Start the installation by entering the following command:

Windows <path to temporary directory>\saphostexec.exe -install

If user sapadm does not yet exist, it is automatically created as a local user and you are prompted to enter a password
for this user to be created.

Note
In some cases it might be useful to configure sapadm as a domain user instead of a local user, for example if you
have multiple Windows hosts in your system landscape each of which has SAP Host Agent. Enter the following
command to run saphostexec.exe while specifying sapadm as the domain user:

<path to temporary directory>\saphostexec.exe -install -user <domain>\sapadm

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature:

UNIX <path to temporary directory>/saphostexec -install

The administrator user sapadm of the SAP Host Agent is created automatically during the installation, but it does not
get assigned a password.

Note
You can set the password in one of the following ways:

During the installation using the following command: <path to temporary directory>/saphostexec -install -passwd

In this case saphostexec will prompt you to enter a password.

After the installation has finished by entering the following command as user root: passwd sapadm

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature:

IBM i <path to temporary directory>/saphostexec -install -gid <gid>

Note
If you have already installed SAP systems on other servers, we recommend that you use the same group ID (GID)
for all sapsys or R3GROUP groups in the system landscape. To do this, enter your landscape system GID into
<gid> on the above command. If user profile R3GROUP already exists, or if you want the saphostcontrol
installation to automatically generate a new group ID, enter the command <path to temporary
directory>/saphostexec -install without the addition -gid <gid> .

Recommendation

Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature.

The progress of the installation is displayed on the command line.

7. After the installation has finished successfully, you can check whether SAP Host Agent is up and running by executing the
following command from the directory of the SAP Host Agent executables:

Windows %ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe -status

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -status

8. IBM i only: Leave the PASE interactive terminal session using function key F3

Results
After the installation has finished successfully, SAP Host Agent is up and running.

Next Steps
You can now delete the temporary directory with all its content.

IBM i only: If it did not already exist, R3GROUP was created during the installation. Even though SAP Host Agent does not require
special authorities, we recommend that you grant the required authorities for system APIs that need to be authorized for user
profile R3GROUP for your SAP system now. For more information, see SAP Note 175852.

Related Information
SAP Host Agent Installation

Installing SAP Host Agent Using Software Provisioning Manager
You can also install SAP Host Agent using Software Provisioning Manager (formerly known as SAPinst).

Proceed as described in the documentation Installation Guide - Installation of SAP Host Agent on <OS> - Using Software
Provisioning Manager <Version> at: https://support.sap.com/sltoolset > System Provisioning.

When using Software Provisioning Manager 2.0, choose the guide for your operating system from the following path:
Installation Option of Software Provisioning Manager 2.0 > Installation Guides - SAP Host Agent

When using Software Provisioning Manager 1.0, choose the guide for your operating system from the following path:
System Provisioning > Installation Option of Software Provisioning Manager 1.0 > Installation Guides - Standalone Engines
and Clients > SAP Host Agent

Related Information
SAP Host Agent Installation

SAP Host Agent Upgrade


As part of the SAP instance, SAP Host Agent is upgraded automatically when you patch or upgrade the SAP kernel. However, we
recommend upgrading SAP Host Agent independently from the SAP instance, either by doing this manually or by configuring
automated upgrade.

Recommendation
If you have a 720 or 720_EXT patch level (PL) of SAP Host Agent installed, upgrade it to the latest version of SAP Host
Agent 721.

It is strongly recommended that you regularly upgrade SAP Host Agent to its latest version. See also SAP Note 2219592.

The following sections describe how to do this:

Manual Upgrade of SAP Host Agent

Automated Upgrade of SAP Host Agent

Related Information
SAP Host Agent

Manual Upgrade of SAP Host Agent


You can manually upgrade SAP Host Agent from a downloaded SAPHOSTAGENT<PL>.SAR archive in one of the following ways:

You do not extract the downloaded SAPHOSTAGENT<PL>.SAR archive and run either the saphostexec executable with
option -upgrade -archive or the hostexecstart executable with option -upgrade from the hostctrl
directory while specifying the location of the downloaded SAPHOSTAGENT<PL>.SAR archive.

You extract the downloaded SAPHOSTAGENT<PL>.SAR archive to a temporary directory and run the saphostexec
executable with option -upgrade from this directory.

Related Information
Upgrading SAP Host Agent Without Extracting the SAPHOSTAGENT Archive
Upgrading SAP Host Agent From the Extracted SAPHOSTAGENT Archive

Upgrading SAP Host Agent Without Extracting the SAPHOSTAGENT Archive
You can upgrade the SAP Host Agent by running the saphostexec executable with option -upgrade -archive or by
running the hostexecstart executable with option -upgrade from the hostctrl directory of the existing SAP Host Agent
installation. In both cases you have to specify the location of the downloaded SAPHOSTAGENT<PL>.SAR archive.

Prerequisites
You have downloaded the required target release version of the SAPHOSTAGENT<PL>.SAR archive as described in Downloading
the SAPHOSTAGENT.SAR Archive.

Procedure

1. Log on as a user with the required authorization:

Windows As a member of the local Administrators group

UNIX As a user with root authorization or as a member of the sapsys group, for example <sapsid>adm

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

2. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Copy the downloaded SAPHOSTAGENT<PL>.SAR archive to a temporary directory, for example:

Windows c:\temp\hostagent

UNIX, IBM i /tmp/hostagent

4. Perform the upgrade by running the following command:

Windows "%ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe" -upgrade -archive <path to downloaded SAPHOSTAGENT<PL>.SAR>

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature:

UNIX
If you are logged on as a user with root authorization, the command is as follows:

/usr/sap/hostctrl/exe/saphostexec -upgrade -archive <path to downloaded SAPHOSTAGENT<PL>.SAR>

If you are logged on as a member of the sapsys group, for example <sapsid>adm, the command is as
follows:

/usr/sap/hostctrl/exe/hostexecstart -upgrade <path to downloaded SAPHOSTAGENT<PL>.SAR>

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature:

IBM i /usr/sap/hostctrl/exe/saphostexec -upgrade -archive <path to downloaded SAPHOSTAGENT<PL>.SAR>

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital
signature:

The progress of the upgrade is displayed on the command line.

5. After the upgrade has finished successfully, you can check the version of the upgraded host agent by executing the
following command from the directory of the SAP Host Agent executables:

Windows "%ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe" -version

UNIX

If you are logged on as a user with root authorization, the command is as follows:
/usr/sap/hostctrl/exe/saphostexec -version

If you are logged on as a member of the sapsys group, for example <sapsid>adm, the command is
as follows: /usr/sap/hostctrl/exe/hostexecstart -version

IBM i /usr/sap/hostctrl/exe/saphostexec -version

6. IBM i only: Leave the PASE interactive terminal session using function key F3

Next Steps
Post-requisites:

You can now delete the temporary directory with all its content.

Related Information
SAP Host Agent Upgrade

Upgrading SAP Host Agent From the Extracted SAPHOSTAGENT Archive
You can upgrade the SAP Host Agent by running the saphostexec executable with option -upgrade from the directory to
which you extracted the downloaded SAPHOSTAGENT<PL>.SAR archive.

Prerequisites
You have downloaded the required target release version of the SAPHOSTAGENT<PL>.SAR archive as described in Downloading
the SAPHOSTAGENT.SAR Archive.

Procedure
1. Log on as a user with the required authorization:

Windows As a member of the local Administrators group

UNIX As a user with root authorization

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

2. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Copy the downloaded SAPHOSTAGENT<PL>.SAR archive to a temporary directory, for example:

Windows c:\temp\hostagent

UNIX, IBM i /tmp/hostagent

4. Extract the SAPHOSTAGENT<PL>.SAR archive using SAPCAR.


Take SAP Note 212876 into account when doing so. Use the following command for extraction, and execute it in the
directory of the archive:

Windows <path to SAPCAR>\sapcar.exe -xvf <path to temporary directory>\SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF

UNIX, IBM i /<path to SAPCAR>/sapcar -xvf <path to temporary directory>/SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF

Among others, the archive contains the saphostexec program.

5. Perform the upgrade by running the following command:

Windows <path to temporary directory>\saphostexec.exe -upgrade

Recommendation
You can use the additional parameter -verify to verify the content of the installation package against the SAP
digital signature

UNIX, IBM i /<path to temporary directory>/saphostexec -upgrade

Recommendation
You can use the additional parameter -verify to verify the content of the installation package against the SAP
digital signature

The progress of the upgrade is displayed on the command line.

6. After the upgrade has finished successfully, you can check the version of the upgraded host agent by executing the
following command from the directory of the SAP Host Agent executables:

Windows "%ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe" -version

UNIX
If you are logged on as a user with root authorization, the command is as follows:
/usr/sap/hostctrl/exe/saphostexec -version

If you are logged on as a member of the sapsys group, for example <sapsid>adm, the command is as
follows: /usr/sap/hostctrl/exe/hostexecstart -version

IBM i /usr/sap/hostctrl/exe/saphostexec -version

7. IBM i only: Leave the PASE interactive terminal session using function key F3

Next Steps
Post-requisites:

You can now delete the temporary directory with all its content.

Related Information
SAP Host Agent Upgrade


Automated Upgrade of SAP Host Agent


SAP Host Agent is enabled to check for updates automatically and get upgraded if a version of the SAP Host Agent executable is
found that is higher than the existing one.

Configuring the Automated Upgrade Behavior of SAP Host Agent

Avoiding Incomplete Upgrade of SAP Host Agent

Configuring Delayed Auto-Upgrade of SAP Host Agent to Avoid Network Bottlenecks

See also SAP Note 1473974.

Related Information
SAP Host Agent Upgrade

Configuring the Automated Upgrade Behavior of SAP Host Agent
The running saphostexec executable regularly checks a directory $DIR_NEW, by default /usr/sap/hostctrl/new (on
UNIX and IBM i) or %ProgramFiles%\SAP\hostctrl\new (on Windows), where it expects to find the latest version of the
executable of SAP Host Agent from the unpacked SAPHOSTAGENT.SAR archive.

Prerequisites

Windows You must be logged on as a member of the local Administrators group.

UNIX You must be logged on as a user with root authorizations.

IBM i You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for
example as user profile QSECOFR.

Context
An upgrade is only performed if a version of the SAP Host Agent executable programs is found in the $DIR_NEW directory that is
higher than the version of the executable programs that exist in the SAP Host Agent executable directory.

Recommendation
The production version of the SAP Host Agent is available for customers as a digitally signed SAR archive. It is recommended
that you create an empty file .verify in the $DIR_NEW directory to enable the verification of the package integrity using
SAP digital signature during the auto-upgrade step.

Procedure
1. You can configure the automated upgrade behavior by adapting the host_profile file which you can find in the
following directory:

UNIX and IBM i /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

By default, the saphostexec program performs a check for updates every 5 minutes. You can change this
behavior by adapting profile value hostexec/autoupgrade_delay=<minutes>.

In addition, you can also change the name and path of the directory that contains the newest SAP Host Agent
version using profile value DIR_NEW=<path to a directory>.

Windows: If the new SAP Host Agent version is located on a network share, you have to use the UNC path for the
value of the DIR_NEW profile parameter, for example: DIR_NEW = \\<your_host>\<your_share>\SAPHostAgent\SAPHostAgent_Update

2. Once you have changed the SAP Host Agent profile, you need to restart SAP Host Agent in order to make the changes take
effect:

a. IBM i: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

b. Change to the directory of the saphostexec executable:

UNIX, IBM i /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

c. Run the following command to restart SAP Host Agent:

UNIX, IBM i ./saphostexec -restart

Windows saphostexec.exe -restart

Related Information
Automated Upgrade of SAP Host Agent

Avoiding Incomplete Upgrade of SAP Host Agent
We recommend that you create an empty file called .upgrading in the $DIR_NEW directory to prevent saphostexec from starting
the upgrade procedure during the extraction of SAPHOSTAGENT<PL>.SAR, which would have the consequence that only part of
the newest version of the packages is upgraded.

Procedure
1. Create the .upgrading file in the $DIR_NEW directory.

2. Extract SAPHOSTAGENT<PL>.SAR to $DIR_NEW.

3. Remove .upgrading from the $DIR_NEW directory.

Example
This example shows how you proceed on UNIX. You can proceed analogously on other operating system platforms:

Sample Code
# Work in the directory that saphostexec checks for new versions ($DIR_NEW)
cd /usr/sap/hostctrl/new/
# Block the auto-upgrade while the archive is being extracted
touch .upgrading
SAPCAR -xvf SAPHOSTAGENT<PL>.SAR -manifest SIGNATURE.SMF
# Extraction is complete; allow the auto-upgrade again
rm .upgrading

Related Information
Automated Upgrade of SAP Host Agent

Configuring Delayed Auto-Upgrade of SAP Host Agent to Avoid Network Bottlenecks
Within large installations, it normally makes sense to use one single share where the content of SAPHOSTAGENT<PL>.SAR is
extracted regularly.

Context
With this configuration the simultaneous upgrade of many machines is very easy. Unfortunately, if all machines start to access a
single network share, it could result in a network bottleneck and, in case of a restrictive firewall configuration, in a complete
outage.

To avoid this kind of problem, for large landscapes you can additionally create a configuration file within $DIR_NEW, containing
the maximum time range of an upgrade. In this case the various saphostexec processes of the different machines will plan the
upgrade in a random way within a well-defined time window.

Procedure
Create a file in $DIR_NEW called .delay.

The format of the file is as follows: <Value1>random<Value2>

<Value1> represents the number of minutes after which an auto-upgrade is checked, and <Value2> the maximum number of
minutes after which the auto-upgrade is started.

The real upgrade delay value in minutes is given by: Delay = <Value1> + <randomValue> * <Value2>

Example
500

Auto-upgrade checks the version of the file contained in $DIR_NEW every 500 minutes.

<Value2> is optional and could be omitted.

Example
500random500

Auto-upgrade checks the version of the file contained in $DIR_NEW every 500 minutes.

Once the version of SAP Host Agent contained within $DIR_NEW is newer, the upgrade will be started within the next
500 minutes. The exact time when the upgrade is started is a random value between 1 and 500 minutes.


Related Information
Automated Upgrade of SAP Host Agent

SAP Host Agent Configuration


Here you find information about the most relevant aspects of SAP Host Agent configuration.

Enabling SAP Host Agent Registration in SLD
To enable the automatic registration to SLD you have to configure the connectivity information using the command line
tool sldreg.
SSL Configuration for the SAP Host Agent
Configuring secure socket layer (SSL) for SAP Host Agent is a multi-step procedure. The following sections exemplarily
describe SSL configuration on UNIX, Windows and IBM i.
Enabling Audit Logging
SAP Host Agent provides the means to perform audit logging for every operation the SAP Host Agent is executing. If you
want to use audit logging, you have to activate it using the related entries in the host_profile file.
Binding Only Specific IP Addresses
You can configure SAP Host Agent to accept network connections only for specific IP addresses or host names.
Operating System Monitoring - Object Filters
In some cases it might be required to configure operating system objects - for example file systems - which are to be
included or excluded from the Operating System monitoring process.

Enabling SAP Host Agent Registration in SLD


To enable the automatic registration to SLD you have to configure the connectivity information using the command line tool
sldreg.

Prerequisites
You must be logged on as a user with the appropriate authorizations:

Windows As a member of the local Administrators group.

UNIX As a user with root authorizations.

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Procedure
1. You are on the host that you want to register in the SLD.

2. IBM i: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Change to the following directory as current directory (DIR_GLOBAL directory):

Windows %ProgramFiles%\SAP\hostctrl\exe (language-dependent)

UNIX, IBM i /usr/sap/hostctrl/exe


4. Call the sldreg executable with the following command:

Windows sldreg -configure slddest.cfg

UNIX, IBM i ./sldreg -configure slddest.cfg

Caution
You have to make sure that the SLD connection file is named slddest.cfg and that it is located in the DIR_GLOBAL
directory of SAP Host Agent. Otherwise the registration does not work.

Note
UNIX, IBM i: To be able to access its libraries, the sldreg program requires the path /usr/sap/hostctrl/exe in
the search path for libraries.

UNIX: For example, under Linux with a C shell, you can achieve this with the following command:

setenv LD_LIBRARY_PATH /usr/sap/hostctrl/exe:$LD_LIBRARY_PATH

IBM i: From within QP2TERM, you can achieve this with the following command:

export LIBPATH=/usr/sap/hostctrl/exe:$LIBPATH

5. Enter the connection data for the SLD with which you want to register this host:

SLD user that has been assigned the role DataSupplierLD

Password of the above user

Host and HTTP port of the SLD

Protocol (HTTP or HTTPS)

6. Confirm that you want to save this data in the encrypted file slddest.cfg.

7. Restart SAP Host Agent by executing the following command:

Windows saphostexec.exe -restart

UNIX, IBM i ./saphostexec -restart

The restart generates an XML file in the working directory of SAP Host Agent and transfers it to the SLD. This XML file
contains all of the information about the host that the SLD requires.

Results
You have registered the local host with an SLD.

Next Steps
You can check if the registration was performed successfully. To do this, call the start page of the SLD with the URL
http://<host>:<port>/sld, and choose Technical Systems. Choose AS Java in the Technical System Type drop-down list box. The
host that you have just registered is displayed.


Related Information
SAP Host Agent Configuration

SSL Configuration for the SAP Host Agent


Configuring secure socket layer (SSL) for SAP Host Agent is a multi-step procedure. The following sections exemplarily describe
SSL configuration on UNIX, Windows and IBM i.

The main steps for manual SSL configuration are as follows:

1. Preparing the environment for SAP Cryptographic Library

2. Preparing the Personal Security Environment (PSE) for the server

3. Preparing the Personal Security Environment (PSE) for the client

4. Establishing trust between the client and SAP Host Agent

5. Allowing the client to issue administrative commands

The following sections exemplarily describe SSL configuration on UNIX, Windows and IBM i.

You can also configure SAP Host Agent SSL with a self-signed certificate.

Configuring SSL for SAP Host Agent on Windows
This section exemplarily describes SSL configuration for the SAP Host Agent on Windows.
Configuring SSL for SAP Host Agent on UNIX
This section exemplarily describes SSL configuration for the SAP Host Agent on UNIX.
Configuring SSL for SAP Host Agent on IBM i
This section exemplarily describes SSL configuration for the SAP Host Agent on IBM i.

Configuring SSL for SAP Host Agent on Windows


This section exemplarily describes SSL configuration for the SAP Host Agent on Windows.

Prerequisites
You must be logged on as a member of the local Administrators group.

Context
In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default
.pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse= <Path to Server PSE>

Procedure
1. Prepare the environment for SAP Cryptographic Library:

a. Open a command line prompt and change to the %ProgramFiles%\SAP\hostctrl\exe directory.

b. Create a subdirectory named sec and set the SECUDIR environment variable to refer to the new directory using the
following commands:

%ProgramFiles%\SAP\hostctrl\exe> mkdir sec

%ProgramFiles%\SAP\hostctrl\exe> set SECUDIR=%ProgramFiles%\SAP\hostctrl\exe\sec

Note
Alternatively, you can also use another directory, but then you have to specify this directory in the
host_profile file, using the parameter SETENV_<XX> = SECUDIR = <another_directory>, where
<XX> is the appropriate index of the SETENVs you have already used.

Example: SETENV_00 = SECUDIR = /usr/sap/shared_sec

If you are using a different name for the PSE, other than SAPSSLS.pse, you must configure this as well in the
host_profile file, using the ssl/server_pse parameter.

Example: ssl/server_pse = MY_SERVER_PSE.pse

Make sure that the SAP Host Agent's sapadm user has read access to the directory and the PSE.

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

c. Make sure that the files are readable and executable by user sapadm.

2. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate, which is presented to the client when establishing the SSL connection, and
the names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification
Authority (CA) or individually trusted certificates.

a. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR).

Example
%ProgramFiles%\SAP\hostctrl\exe> sapgenpse gen_pse -p SAPSSLS.pse -x passwd1 -r

This command creates a PSE file named SAPSSLS.pse (name is fixed), which can be used to authenticate
myhost.wdf.sap.corp for incoming SSL connections. The access to the PSE file is protected with
passwd1. Use the -r option to direct the certificate signing request to a file, or omit it if you intend to copy and
paste the CSR into a Web form.

b. Grant the SAP Host Agent access to the server PSE.

Example
%ProgramFiles%\SAP\hostctrl\exe> sapgenpse seclogin -p SAPSSLS.pse -x passwd1 -

c. Get the certificate as follows:

i. If you do not use individually trusted certificates, send the certificate signing request to an appropriate CA.

ii. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate
in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server
PSE.

d. Import the signed certificate into the server PSE.


Example
%ProgramFiles%\SAP\hostctrl\exe> sapgenpse import_own_cert -p SAPSSLS.pse -x pa
(if the used format is PKCS#7).

e. Verify the server certificate chain.

Example
%ProgramFiles%\SAP\hostctrl\exe> sapgenpse get_my_name -p SAPSSLS.pse -x passwd

3. Restart SAP Host Agent.

4. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate that is sent to SAP Host Agent when establishing the SSL connection, and the
names and public keys of the trusted certificates. For the client, trusted certificates can only be certificates that are issued
by a Certification Authority (CA).

The configuration steps are client-specific, which is why we only describe them in a generic way. Follow the instructions in
the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the Diagnostics Agent in SAP Solution
Manager, or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing
Controller (ACC)).

Results

Recommendation
If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.

Related Information
SSL Configuration for the SAP Host Agent

Configuring SSL for SAP Host Agent on UNIX


This section exemplarily describes SSL configuration for the SAP Host Agent on UNIX.

Prerequisites
You are logged on as a user with root authorization.

Context
In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default
.pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse= <Path to Server PSE>

Procedure
1. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate that is presented to the client when establishing the SSL connection, and the
names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification
Authority (CA) or individually trusted certificates.

Proceed as follows:

a. Create a directory /usr/sap/hostctrl/exe/sec using the mkdir command.

Note
Alternatively, you can also use another directory, but then you have to specify this directory in the
host_profile file, using the parameter SETENV_<XX> = SECUDIR = <another_directory>, where
<XX> is the appropriate index of the SETENVs you have already used.

Example: SETENV_00 = SECUDIR = /usr/sap/shared_sec

If you are using a different name for the PSE, other than SAPSSLS.pse, you must configure this as well in the
host_profile file, using the ssl/server_pse parameter.

Example: ssl/server_pse = MY_SERVER_PSE.pse

Make sure that the SAP Host Agent's sapadm user has read access to the directory and the PSE.

b. Assign the ownership for the sec directory to sapadm:sapsys.

c. Set up the shared library search path (LD_LIBRARY_PATH, LIBPATH or SHLIB_PATH) and SECUDIR
environment variables, and change to the exe directory of SAP Host Agent.

Example
On Linux and Solaris, the required commands are as follows:

export LD_LIBRARY_PATH=/usr/sap/hostctrl/exe/

export SECUDIR=/usr/sap/hostctrl/exe/sec

cd /usr/sap/hostctrl/exe

On HP-UX, the required commands are as follows:

export SHLIB_PATH=/usr/sap/hostctrl/exe/

export SECUDIR=/usr/sap/hostctrl/exe/sec

cd /usr/sap/hostctrl/exe

On AIX, the required commands are as follows:

export LIBPATH=/usr/sap/hostctrl/exe

export SECUDIR=/usr/sap/hostctrl/exe/sec

cd /usr/sap/hostctrl/exe

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

d. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR).

Run the command as user sapadm so that the created files are owned by this user.


Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/

This command creates a PSE file named SAPSSLS.pse (name is fixed), which can be used to authenticate
myhost.wdf.sap.corp for incoming SSL connections. The access to the PSE file is protected with a
password. Use the -r option to direct the certificate signing request to a file, or omit it if you intend to copy and
paste the CSR into a web form.

e. Grant SAP Host Agent access to the server PSE.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/

f. Get the certificate as follows:

i. Send the certificate signing request to an appropriate CA.

ii. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate
in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server
PSE.

Example
If the used format is PKCS#7, the text file could be named myhost.p7b. We use this file name in the
following examples.

g. Import the signed certificate into the server PSE.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/

h. Verify the server certificate chain.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/

2. Restart SAP Host Agent.

3. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate that is sent to SAP Host Agent when the SSL connection is established, and
the names and public keys of the trusted certificates from CA.

The configuration steps are client-specific, which is why we only describe them in a generic way. Follow the instructions in
the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the SAP Solution Manager Diagnostics Agent,
or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing Controller
(ACC)).

Results

Recommendation
If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.


Related Information
SSL Configuration for the SAP Host Agent

Configuring SSL for SAP Host Agent on IBM i


This section exemplarily describes SSL configuration for the SAP Host Agent on IBM i.

Prerequisites
You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Context
In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default
.pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse= <Path to Server PSE>

Procedure
1. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate, which is presented to the client when establishing the SSL connection, and
the names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification
Authority (CA) or individually trusted certificates.

a. You must temporarily enable the login for user SAPADM. To change the user profile, enter the following command:

CHGUSRPRF USRPRF(SAPADM) INLMNU(MAIN) LMTCPB(*NO)

Note
The default password for user SAPADM is “sapofr”.

But to be able to log on with user SAPADM, you must first change the profile using the following command:
CHGUSRPRF USRPRF(SAPADM) INLMNU(*LIBL/MAIN)

Having finished your work, you can reset the previous state with CHGUSRPRF USRPRF(SAPADM)
INLMNU(*SIGNOFF).

If the password is no longer “sapofr”, you can set your own password with CHGUSRPRF USRPRF(SAPADM)
PASSWORD(<new_password>).

To be able to execute the CHGUSRPRF commands, you must be logged on as a user with QSECOFR
authorizations.

b. Create a directory /usr/sap/hostctrl/exe/sec using the following command:

CRTDIR DIR('/usr/sap/hostctrl/exe/sec') DTAAUT(*EXCLUDE) OBJAUT(*NONE)

Note
Alternatively, you can also use another directory, but then you have to specify this directory in the
host_profile file, using the parameter SETENV_<XX> = SECUDIR = <another_directory>, where
<XX> is the appropriate index of the SETENVs you have already used.

Example: SETENV_00 = SECUDIR = /usr/sap/shared_sec

If you are using a different name for the PSE, other than SAPSSLS.pse, you must configure this as well in the
host_profile file, using the ssl/server_pse parameter.

Example: ssl/server_pse = MY_SERVER_PSE.pse

Make sure that the SAP Host Agent's sapadm user has read access to the directory and the PSE.

c. Change the owner and primary group of the PSE directory and set the appropriate authorities using the following
command:

QSYS/CHGOWN OBJ('/usr/sap/hostctrl/exe/sec') NEWOWN(SAPADM)

QSYS/CHGPGP OBJ('/usr/sap/hostctrl/exe/sec') NEWPGP(R3GROUP) DTAAUT(*RWX)

d. Now log on as user SAPADM and execute the command CALL PGM(QP2TERM) before entering the commands of
the following steps.

e. Set up the shared library search path (LIBPATH) and SECUDIR environment variables, and change to the exe
directory of SAP Host Agent.

The required commands are as follows:

export LIBPATH=/usr/sap/hostctrl/exe

export SECUDIR=/usr/sap/hostctrl/exe/sec

cd /usr/sap/hostctrl/exe

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

f. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR) using the following
command:

./sapgenpse gen_pse -p SAPSSLS.pse -x <PASSWORD> -r <PKCS#10 requestfile> <DISTINGUISHED NAME>

This command creates the PSE file /usr/sap/hostctrl/exe/sec/SAPSSLS.pse (the name is fixed), which
can be used to authenticate the host described by <DISTINGUISHED NAME> for incoming SSL connections.
Access to the PSE file is protected with password <PASSWORD>.

The CSR is written into the stream file <PKCS#10 requestfile>. You can ignore the warning
sapgenpse WARNING: Environment variable "USER" not defined!

Example
./sapgenpse gen_pse -p SAPSSLS.pse -x pass -r /tmp/myhost-csr.p10 "CN=myhost.my

This command creates the PSE file /usr/sap/hostctrl/exe/sec/SAPSSLS.pse, which can be used to
authenticate myhost.wdf.sap.corp for incoming SSL connections. Access to the PSE file is protected with
the password pass. The CSR is written into the stream file /tmp/myhost-csr.p10.

g. Grant SAP Host Agent access to the server PSE using the following command:

./sapgenpse seclogin -p SAPSSLS.pse -x <PASSWORD> -O sapadm

Example
./sapgenpse seclogin -p SAPSSLS.pse -x pass -O sapadm

h. Get the certificate as follows:

i. Transfer the stream file containing the CSR (certificate signing request) to a PC and send it to the
Certification Authority (CA) you are using.

ii. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate
in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server
PSE. Transfer this text file to a stream file on your IBM i.

Example
The text file could be named myhost.p7b and transferred to the stream file /tmp/myhost.p7b. We
use this file name in the following examples.

i. Import the signed certificate into the server PSE using the following command:

./sapgenpse import_own_cert -p SAPSSLS.pse -x <PASSWORD> -c <CA-response-file>

Example
./sapgenpse import_own_cert -p SAPSSLS.pse -x pass -c /tmp/myhost.p7b

j. Verify the server certificate chain using the following command:

./sapgenpse get_my_name -p SAPSSLS.pse -x <PASSWORD> -v

Example
./sapgenpse get_my_name -p SAPSSLS.pse -x pass -v

k. To reset the changes to user profile SAPADM that you have made in step 1.a), leave program QP2TERM with function
key F3 and enter the following command:

CHGUSRPRF USRPRF(SAPADM) INLMNU(*SIGNOFF) LMTCPB(*YES)

l. Log on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR, and
execute the command CALL PGM(QP2TERM) before entering the following command, which restarts SAP Host
Agent:

/usr/sap/hostctrl/exe/saphostexec -restart

2. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate, which is sent to SAP Host Agent when the SSL connection is established, and
the names and public keys of the trusted certificates from CA.

The configuration steps are client-specific, which is why we only describe them in a generic way. Follow the instructions in
the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the Diagnostics Agent in SAP Solution
Manager, or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing
Controller (ACC)).

Results
If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.

Related Information
SSL Configuration for the SAP Host Agent

Enabling Audit Logging


SAP Host Agent provides the means to perform audit logging for every operation the SAP Host Agent is executing. If you want to
use audit logging, you have to activate it using the related entries in the host_profile file.

Context
The operating systems which are supported by Host Agent have built-in means of audit logging. On UNIX and Linux, SAP Host
Agent uses the syslog (/var/log/messages), and in Windows the Application Eventlog. The user can decide if audit
logging is done using OS means or provide a file to which all audit messages are written. Audit logging is disabled by default. You
can enable and configure it using host_profile parameters.

Procedure
1. Edit the host_profile file.

For information about where you can find this file, see the Profile File section in Architectural Overview of SAP Host Agent.

2. Change the following parameters according to your needs:

Parameter Description

service/auditlevel=0/1 0 disables audit logging, 1 enables audit logging.

service/auditlogfile=<FILE_NAME> If an audit log file is provided by the user, SAP Host Agent uses the <FILE_NAME>
log file in the SAP Host Agent's work directory for audit logging. Eventlog and
Syslog are not used in this case. If the file does not exist, it is created by SAP Host
Agent.

service/auditlogfilesize=0...X If an audit log file is provided, the user can decide to which extent the log file is
allowed to grow. All sizes must be given in MB (Megabyte). If the configured size is
exceeded, the current audit log file is saved to <FILENAME>.old and a new audit
log file is created. If the size is set to 0 or if the parameter is not configured at all, the
audit log file can grow without limit.

service/accesslog=1 Enables HTTP access log.

If this parameter is set, a file called access.log is created within the HOME Directory of SAP Host Agent.

service/accesslogsize=0...X If this parameter is set, users can decide up to which extent the access.log can
grow.

All sizes must be given in MB (Megabyte). If the size is exceeded, the current
access.log is saved to <FILENAME>.old and a new access.log is
created. In case of size 0 or if the parameter is not given at all, the access.log can
grow without limitation.

3. Restart SAP Host Agent to activate the changed configuration settings.

Example
Audit logging output is always written in one line and can look like this:

[2012/08/24 11:22:16][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 127.0.0.1; Remote port 60779; Username Not Available Labels parameters

Related Information
SAP Host Agent Configuration


Binding Only Specific IP Addresses


You can configure SAP Host Agent to accept network connections only for specific IP addresses or host names.

You can achieve this in one of the following ways:

Using the profile value service/hostname


1. Specify the following value in the host_profile of the SAP Host Agent:

service/hostname = <host_name>

or

service/hostname = <IP_Address>

Example

service/hostname = 127.0.0.1

2. Restart the SAP Host Agent by executing the following command:

saphostexec -restart

SAP Host Agent should now bind only the specified IP address.

Example
On Linux, you can check this as follows:

/usr/sap/hostctrl/exe# netstat -tlnp | grep 1128

tcp 0 0 127.0.0.1:1128 0.0.0.0:* LISTEN 8368/sapstartsrv

/usr/sap/hostctrl/exe#

You can see that only 127.0.0.1 is bound.

Using Network ACL (Access Control List)


1. Specify the following value in the host_profile of the SAP Host Agent:

service/http/acl_file = <Path_to_an_ACL_file> or service/https/acl_file = <Path_to_an_ACL_file> if you use HTTPS.

You can also set both values.

2. Restart the SAP Host Agent by executing the following command:

saphostexec -restart

The ACL file should be configured as specified in SAP Note 1495075.

SAP Host Agent will still bind all available addresses, but as soon as a client tries to connect, it is either refused or accepted
according to the ACL file configuration.
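A host_profile check that covers the audit logging and binding parameters described above, as an added Python example (not SAP code). The function names, the finding identifiers, the treatment of # lines as comments, and the sample file names and paths are assumptions of this example, and what counts as a finding is this example's policy.

```python
import ntpath
import posixpath

# Constructed sample profiles; audit.log and the ACL path are placeholders.
WEAK_PROFILE = """\
# audit logging left at its default (disabled)
service/auditlevel = 0
SETENV_00 = SECUDIR = sec
"""

HARDENED_PROFILE = """\
service/auditlevel = 1
service/auditlogfile = audit.log
service/auditlogfilesize = 50
service/accesslog = 1
service/accesslogsize = 50
service/hostname = 127.0.0.1
service/https/acl_file = /usr/sap/hostctrl/exe/acl_https.txt
SETENV_00 = SECUDIR = /usr/sap/shared_sec
"""


def parse_profile(text):
    """Return {parameter: value}; only the first '=' splits name from value."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def _unbounded(params, size_key):
    # Per the page: size 0 or a missing size parameter means unlimited growth.
    value = params.get(size_key, "0")
    return not value.isdigit() or int(value) == 0


def audit_profile(text):
    """Return a list of (finding_id, message) for the settings this page covers."""
    p = parse_profile(text)
    findings = []
    if p.get("service/auditlevel") != "1":
        findings.append(("audit-disabled", "service/auditlevel is not 1"))
    elif "service/auditlogfile" in p and _unbounded(p, "service/auditlogfilesize"):
        findings.append(("auditlog-unbounded", "audit log file has no size limit"))
    if p.get("service/accesslog") != "1":
        findings.append(("accesslog-disabled", "service/accesslog is not 1"))
    elif _unbounded(p, "service/accesslogsize"):
        findings.append(("accesslog-unbounded", "access.log has no size limit"))
    restrictions = ("service/hostname", "service/http/acl_file",
                    "service/https/acl_file")
    if not any(key in p for key in restrictions):
        findings.append(("no-bind-or-acl",
                         "neither service/hostname nor an acl_file is set"))
    for key, value in p.items():
        if key.startswith("SETENV_"):
            name, _, path = value.partition("=")
            path = path.strip()
            if name.strip() == "SECUDIR" and not (
                    posixpath.isabs(path) or ntpath.isabs(path)):
                findings.append(("secudir-relative",
                                 f"{key}: SECUDIR should be an absolute path"))
    return findings


def finding_ids(text):
    return [finding_id for finding_id, _ in audit_profile(text)]


if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit_profile(profile))
```

When service/auditlevel is 1 and no service/auditlogfile is set, the check reports nothing for the audit log, because the page states that syslog or the Application Eventlog is used in that case.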

Operating System Monitoring - Object Filters


In some cases it might be required to configure operating system objects - for example file systems - which are to be included or
excluded from the Operating System monitoring process.

As of SAP Host Agent 721 PL25, you can configure the operating system objects that are monitored in the osfilter.conf file.
This file is located within the configuration directory of SAP Host Agent: /usr/sap/hostctrl/exe/config.d (on UNIX) or
C:\Program Files\SAP\hostctrl\exe\config.d (on Windows).

The file can contain several rules, which are read line by line.

The syntax of one line is the following:

<ObjectType>[+/-]: <attribute>(<pattern>);...<attribute>(<pattern>)

There are 2 types of rule: including rules specified by [+] and excluding rules specified by [-].

Including rules can omit the [+] sign.

All lines starting with a # sign are ignored and considered as comment lines.

If neither rules nor a specific <ObjectType> are specified, then all objects of this type are included within the operating
system monitoring process.

As soon as one single rule is defined, the matching process is executed according to the following rules:

<pattern> specifies a string supporting special wildcard signs:

* : Matches any character (0 or many occurrences)

? : Matches exactly one occurrence of any character

! : Negates the match, only if specified at the beginning of the pattern

All including [+] rules are processed using an OR operator.

Each <attribute> of one single rule (specified using the ';' separator) matches using an AND operator.

The first matching exclude [-] rule excludes the object from the process without further processing.

This means in general that you choose between two generic approaches which return the same results:

1. Define only include rules which match the objects you would like to monitor.

2. Define include rules and afterwards exclude the objects you want to exclude explicitly.

There are advantages and disadvantages when using approach 1 or 2. You can decide on the best approach only based on the
requirements of the use case.

The supported <ObjectType> is currently: Filesystem

Note
saposcol offered a similar functionality in the past. For more information, see SAP Note 498112. See also SAP Note
1102124 for special requirements on Linux.

Filesystem

In general, the Filesystem object supports the following attributes: mount, device, type

mount matches the mount point name of the file system

device matches the device specified

type matches the file system type

You can find all attributes by executing the command mount or df on Linux, for example:

Sample Code

root@lu0140:/usr/sap/hostctrl/exe# df -T
Filesystem Type 1K-blocks Used Available Use% Mounted on
udev devtmpfs 65940396 0 65940396 0% /dev
tmpfs tmpfs 13192852 68016 13124836 1% /run
/dev/mapper/ubuntu--vg-root ext4 829098112 375847356 411111928 48% /
tmpfs tmpfs 65964240 20804 65943436 1% /dev/shm
tmpfs tmpfs 5120 4 5116 1% /run/lock
tmpfs tmpfs 65964240 0 65964240 0% /sys/fs/cgroup
/dev/sda1 ext2 482922 286209 171779 63% /boot
tmpfs tmpfs 13192852 88 13192764 1% /run/user/1000
tmpfs tmpfs 13192852 0 13192852 0% /run/user/997
tmpfs tmpfs 13192852 0 13192852 0% /run/user/11950

Here is an example of a configuration file for file systems:

Sample Code

#
# Syntax:
# <ObjectType>[+/-]: <attribute>(<pattern>);...<attribute>(<pattern>)
# + = include,
# - = exclude,
# <ObjectType> = Filesystem, Process
# <attribute> :
# Filesystem -> mount, device, type (or Mount, Device, Type for case-sensitive match)
# Process -> cmd, args, user, group, uid
# <pattern> : support !, *, ?
# ! only @ begin of the pattern negate the match
# * match any character (0 or many occurrence)
# ? match 1 occurrence of any character
# In general all [+] filter are aggregated using the or operation
# but as soon a [-] match the FileSystem is excluded without any additional check!
#
# If no filter is set all objects are selected.
# As soon 1 single filter, for the ObjectType, is set nothing except the matching rule is selecte
Filesystem[+]: mount(*)

Filesystem[-]: type(proc)
Filesystem[-]: type(tmp*)
Filesystem[-]: type(sys*)
Filesystem[-]: type(cgroup*)
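
The rule semantics described above, as an added example that is not SAP's code: a small Python evaluator applied to the sample rules and to rows of the df -T output. The function names are hypothetical, and three readings are assumptions: patterns match the whole attribute value, a capitalized attribute name (Type) makes the match case-sensitive, and an ObjectType with only exclude rules selects nothing.

```python
import re

# Constructed sample: (mount, device, type) taken from rows of the df -T output above.
SAMPLE_FS = [
    {"mount": "/dev", "device": "udev", "type": "devtmpfs"},
    {"mount": "/run", "device": "tmpfs", "type": "tmpfs"},
    {"mount": "/", "device": "/dev/mapper/ubuntu--vg-root", "type": "ext4"},
    {"mount": "/boot", "device": "/dev/sda1", "type": "ext2"},
]
PAGE_RULES = """
Filesystem[+]: mount(*)
Filesystem[-]: type(proc)
Filesystem[-]: type(tmp*)
Filesystem[-]: type(sys*)
Filesystem[-]: type(cgroup*)
"""
RULE_RE = re.compile(r"(\w+)\[([+-])\]:\s*(.+)")

def parse_rules(text):
    """Return [(object_type, sign, [(attribute, pattern), ...]), ...]."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:  # comment and blank lines do not match and are skipped
            conds = re.findall(r"(\w+)\(([^)]*)\)", m.group(3))
            rules.append((m.group(1), m.group(2), conds))
    return rules

def pattern_matches(pattern, value, case_sensitive):
    negate = pattern.startswith("!")  # '!' negates only at the start of the pattern
    body = pattern[1:] if negate else pattern
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in body)
    # Assumption: the pattern must match the whole attribute value.
    hit = re.fullmatch(rx, value, 0 if case_sensitive else re.IGNORECASE) is not None
    return hit != negate

def rule_matches(conds, obj):
    # Attributes of one rule are ANDed; assumption: 'Mount' (capitalized) = case-sensitive.
    return all(pattern_matches(p, obj[a.lower()], a[0].isupper()) for a, p in conds)

def monitored(rule_text, objects=SAMPLE_FS, object_type="Filesystem"):
    rules = [r for r in parse_rules(rule_text) if r[0] == object_type]
    if not rules:
        return [o["mount"] for o in objects]  # no filter set: all objects are selected
    def hit(sign, obj):
        return any(s == sign and rule_matches(c, obj) for _, s, c in rules)
    # A matching exclude rule always wins; include rules are ORed.
    return [o["mount"] for o in objects if not hit("-", o) and hit("+", o)]
```

Under these assumptions, the sample rules keep /dev monitored, because its type devtmpfs does not match tmp*.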

Conversion from saposcol FileSystem filter


If customers already use the saposcol functionality specified in SAP Note 498112, we offer a conversion tool called
convertoscolfilter.

You can run this tool as follows:

$ ./convertoscolfilter
Usage:

-fs <path to sapocol dev_filter>
[-out <path to the output file:] [default osfilter.conf]

By default, the tool prints the converted filter to stdout. You can override this behavior by providing the argument -out with the
<path> to be used.

If the file provided to -out already exists, a new file called <path>.new is created. Then the tool prints the following message:

$ ./convertoscolfilter -fs dev_filter -out osfilter.conf


INFO: 'osfilter.conf' exists uses 'osfilter.conf.new' instead
$

Uninstalling SAP Host Agent


You can uninstall SAP Host Agent by running the saphostexec executable from the command line.

Prerequisites

Windows You must be logged on as a member of the local Administrators group.

UNIX You must be logged on as a user with root authorizations.

IBM i You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile
QSECOFR.

Context
On Windows, you can also uninstall SAP Host Agent using Control Panel > Programs and Features.

Procedure
1. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

2. Run the following command from the command line:

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -uninstall

Windows "%ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe" -uninstall

Results
This command stops the executables and services of SAP Host Agent and deletes the following:

The work directory of SAP Host Agent

The exe directory of SAP Host Agent

Windows: The local sapadm user and SAP_LocalAdmin group

Related Information
SAP Host Agent

SAP Host Agent Reference


Here you can find a reference of the command line options available for the SAP Host Agent executables.

SAP Host Agent Reference - Command Line Options of the saphostexec Executable

SAP Host Agent Reference - Command Line Options of the hostexecstart Executable

Related Information
SAP Host Agent

SAP Host Agent Reference - Command Line Options of the saphostexec Executable

Usually SAP Host Agent is automatically started when the operating system is booted. You can also manually control it using the
saphostexec program.

Prerequisites
You are logged on as a user with the required authorization:

Windows As a member of the local Administrators group

UNIX As a user with root authorization

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile
QSECOFR

Features
You call the program from the command line with the following syntax:

Windows "%ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe" -[option] [pf=<ProfilePath>]

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -[option] [pf=<ProfilePath>]

where <ProfilePath> is the path to the profile file (host_profile) of SAP Host Agent. By default, the host_profile file is
located in the executable directory.

You can execute saphostexec with the following command line options:

Option Meaning

-help Lists all command line options of saphostexec with documentation


-install [-verify] Installs SAP Host Agent

Recommendation
Use the additional parameter -verify to verify the content of the installation package
against the SAP digital signature.

-upgrade [-verify][-archive] Upgrades SAP Host Agent

Without further parameters you run this option with the saphostexec executable from
the extracted SAPHOSTAGENT<PL-target version>.SAR archive.

When you run saphostexec -upgrade from the hostctrl directory of the existing
SAP Host Agent installation, you use the -archive parameter to provide the direct path
to the archive with the required target release version, without manually extracting the
archive beforehand.

-verify

It is recommended that you use the additional parameter -verify to check
the content of the installation package against the SAP digital signature.

-uninstall Uninstalls SAP Host Agent

-restart Starts or restarts SAP Host Agent

-stop Stops a running SAP Host Agent

-status Returns the status of SAP Host Agent

-version Returns the version of SAP Host Agent with detailed information

Related Information
SAP Host Agent Reference

SAP Host Agent Reference - Command Line Options of the hostexecstart Executable

The hostexecstart program is a command line tool available for UNIX operating systems. It allows a user that does not have
root authorization to perform some control operations relevant for the lifecycle of SAP Host Agent.

Prerequisites
You have to be a member of the group sapsys, for example <sapsid>adm, to be able to execute the program.

Features
You call the program from the command line with the following syntax:

/usr/sap/hostctrl/exe/hostexecstart -[option] [pf=<ProfilePath>]

Calling hostexecstart without any arguments starts SAP Host Agent.

You can execute hostexecstart with the following command line options:

Option Meaning

-help Lists all command line options of hostexecstart with documentation

-upgrade <path to downloaded SAPHOSTAGENT<PL>.SAR> Upgrades SAP Host Agent using the path to the downloaded SAPHOSTAGENT<PL>.SAR

-start Starts SAP Host Agent if it is not running

-restart Restarts SAP Host Agent

-status Returns the information whether SAP Host Agent is running or not running

-version Returns the version of SAP Host Agent with detailed information

Related Information
SAP Host Agent Reference
