IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


zSecure Alert Extended Monitoring CKFREEZE datasets

  • 1.  zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    I have a couple of questions about the CKFREEZE data sets that are written by zSecure Alert each hour (the default setting) in support of extended monitoring. The data set names for these and the allocation settings are normally in C2PCUST(C2PEMFRT).

    1. I have not found a reference saying how to calculate the size needed for these data sets. Is there one? What would be an expected size?

    2. It appears that zSecure Alert has a fixed set of parameters for these CKFREEZE data sets. I assume that this is not a user setting. Is that correct?

    3. I have found that these data sets are written even if the setting for extended monitoring on panel C2PP3ZA0 is set to N. This seems to be at odds with the description of this setting in the Alert manual. Could this be because I have an alert selected that requires extended monitoring?

    Thanks

    Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------


  • 2.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago
    Edited by RENE van TIL 2 days ago

    Hi Lennie,

    No, we don't provide a method to calculate how much space a snapshot CKFREEZE should have, as it should be well small.... The default of 2 primary and 1 secondary cylinders seems a bit small for large systems, but one look at the allocations should tell you if you're safe. I don't think the size will change much once one is created.

    So except for the space values, you should not change anything in C2PEMFRT. A CKFREEZE is a VBS data set with a specific block size.

    These snapshot CKFREEZEs should only be created if there are EM alerts active. Even if EM alerts are selected but EM alerts are turned off in C2PP3ZA0, no queries for these alerts are generated during verify. If you look at them in the Alert User Interface you will see them as n/a. That sounds wrong.

    cheers

    rene



    ------------------------------
    RENE van TIL
    ------------------------------



  • 3.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Rene,

    Thanks for taking the time to reply.
    Those CKFREEZE snapshot files are certainly larger than can be accommodated by CYL(2,1). My issue had been that we hit B37 abends in production and this produced a lot of dumps. We have resolved that now. The CKFREEZE snapshot files vary in size from LPAR to LPAR but average around 120 cylinders. There are 25 of these of course, and this is per LPAR.

    You didn't address the question of the parameters used for those CKFREEZE data sets, but I guess Alert has a fixed set to use. Can you confirm?

    However, we have 3 LPARs set with Extended Monitoring OFF. The configuration set includes alerts 1207 and 1208 and these are designated 'n/a' as you say. However, these 3 LPARs still allocate and populate the CKFREEZE data set each hour. This seems to be at odds with the statement in Chapter 2 of the zSecure Alert manual, saying,

    Extended Monitoring
    This field determines whether the Extended Monitoring process is active. If you specify YES, Extended
    Monitoring is activated. It results in a system snapshot being taken and written to a CKFREEZE data
    set at the interval specified in the Environment refresh field. This option is effective only if Extended
    Monitoring alerts are selected. If no Extended Monitoring alerts are selected, a warning message is
    issued during the verification process.

    Now, maybe I am reading this incorrectly, but I took this to mean that the CKFREEZE datasets would not be created and populated if this flag is set to "N". Yet on these three LPARs with this flag set to N, the CKFREEZE data sets are still created and processed.

    Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------



  • 4.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Hi lennie,

    120 cylinders is a lot more than I expected for the kind of records collected for EM alerts :( I'll have a look at how to deal with this in both the doc and the sample C2PEMFRT.

    Not sure what you mean by the parameters of that CKFREEZE. Do you mean the name or the DCBs?

    Creating new snapshot CKFREEZEs shouldn't happen when EM alerting is turned off. There will be no queries created for these alerts during verify, and when activated it should stop doing that. Tried that myself and it works as the doc says.

    If you look in the log of the Alert STC, can you check whether this message is issued?

    C2P0436I Extended Monitoring is not active

    My guess would be it is not.

    cheers

    rene



    ------------------------------
    RENE van TIL
    ------------------------------



  • 5.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    The parameters of the CKFREEZE would be the parameters passed to CKFCOLL.
    The effective parameters should show in the CKF0182 message in the SYSPRINT for the CKFCOLL run.

    They should also be in CKFREEZE records with x'FE' in the first byte.
    For example
    deftype type=$
    alloc type=$ dsn=crma.x.nmpipl87.recent1.ckfreeze
    n type=$
    def type as substr(record,1,1)
    s type='FE'x
    sortlist record(dump)

    to get something like

    ********************************* Top of Data **********************************
    $                                                 10 Jul 2025 06:52             
                                                                                    
    Record                                                                          
    0000. FEE2E8D4 D2C5E8E3 C5E2E37E E86BC3C8 *.SYMKEYTEST=Y,CH*                    
    0010. C5C3D27E E86BE2E3 D6D9C1C7 C5C7C3   *ECK=Y,STORAGEGC*                     
    ***************************** Bottom of Data *****************************

    or when allocated in SETUP FILES: look at IN.F - @SECDATA - L(ist) CKFREEZE, then S(elect) COMMANDS:

                      Collect parameters and commands                   Line 1 of 1 
     Command ===> _________________________________________________ Scroll===> CSR  
                                                     10 Jul 2025 06:55              
        Command                                                                     
     __ SYMKEYTEST=Y,CHECK=Y,STORAGEGC                                              
     ******************************* Bottom of Data ********************************

    Regards,

    Jeroen



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure
    Delft
    ------------------------------
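    The x'FE' option record described above, decoded and parsed as an added example (not part of the post or of zSecure itself): the records are constructed in memory as a type byte followed by EBCDIC text, which is the layout visible in the File Manager dump shown, and the option syntax handled is the KEY=VALUE, KEY=(list) and bare-flag form seen in this thread.

```python
# Added example (not zSecure code): pull the CKFCOLL option string out of a
# CKFREEZE x'FE' record and parse it so the effective collect settings can be
# checked programmatically. Assumption, taken from the dump in the thread: a
# record is one type byte followed by EBCDIC (code page 037) text.
import codecs
from typing import Dict, Iterable, List, Optional, Union

OptValue = Union[None, str, List[str]]

def ebcdic(text: str) -> bytes:
    """Encode constructed sample text as EBCDIC code page 037."""
    return codecs.encode(text, "cp037")

# Constructed records: the first byte is the record type; only x'FE' carries options.
SAMPLE_RECORDS = [
    b"\xfe" + ebcdic("FOCUS=(LICENSE,ALERTRACF),INDD=SYSINCKF,FREE,SUP=(002,200,1024),MQ=N"),
    b"\x01" + ebcdic("some other record type, not option text"),
]

def option_text(records: Iterable[bytes]) -> str:
    """Concatenate the text of every x'FE' record (there can be more than one)."""
    return "".join(codecs.decode(r[1:], "cp037") for r in records if r[:1] == b"\xfe")

def parse_options(text: str) -> Dict[str, OptValue]:
    """Split on commas outside parentheses, then classify each item."""
    items, depth, cur = [], 0, []
    for ch in text.strip():
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            items.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        items.append("".join(cur))
    opts: Dict[str, OptValue] = {}
    for item in items:
        key, eq, val = item.strip().partition("=")
        if not eq:
            opts[key] = None                   # bare flag such as FREE
        elif val.startswith("(") and val.endswith(")"):
            opts[key] = val[1:-1].split(",")   # parenthesised list such as FOCUS=(...)
        else:
            opts[key] = val
    return opts

def focus_includes(opts: Dict[str, OptValue], wanted: str) -> bool:
    """True if FOCUS names `wanted`, e.g. ALERTRACF, which alert content needs."""
    focus = opts.get("FOCUS")
    return wanted in (focus if isinstance(focus, list) else [focus])
```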



  • 6.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Thanks to Rene and Jeroen.

    Rene,

    These messages were found in only one of the three LPARs:

    C2P0436I Extended Monitoring is active
    C2P0437I Extended Monitoring snapshot retention period is (hours) 24

    These appear to be the results of a DISPLAY command, as I also see this:
    C2P0105I Received command DISPLAY

    Jeroen,
    From the C2PDEBUG ddname for the C2POLICE task the parameters are as follows,

    CKF0182 00 Options for this run are:
    FOCUS=(ADMINRACF,AUDITRACF,ALERTRACF)
    IO=N,TCPIP=Y,DASD=N,TAPE=N,SWCH=N,PATH=N,VTOC=N,VVDS=N,PDS=N,CAT=N,MCD=N,BCD=N,DMS=N,ABR=N,TMC=N,RMM=N,VMF=N,UNIX=N,RECALL=Y,
    UID0,FREE,ENQ=N,DDLIMIT=1536,IOTIMEOUT=60,PDSEBUFSIZE=150,SIGVER=N,XTIOT=Y,MOD=Y,NJE=Y,CICS=Y,IMS=Y,MQ=N,DB2=Y,DB2CAT=N,DB2AD

    I viewed the CKFREEZE file using IBM File Manager. The first record is the X'FE' record and contains this (from byte offset 1):
    FOCUS=(LICENSE,ALERTRACF),INDD=SYSINCKF,OUTDD=SYSPRCKF,IO=NO,FREE,SUP=(002,200,1024),DB2CAT=N,MQ=N,FREEZEDD=C2PEMCKF

    Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------



  • 7.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Hi Lennie,

    Yes, often the x'FE' record is the first record. (BTW, there can be multiple records.) This echoes the specification given.

    FOCUS determines what kind of content to put into the CKFREEZE.
    [ https://www.ibm.com/docs/en/szs/3.1.0?topic=SS2RWS_3.1.0/urm_racf/admin_audit/zcol_for_zos_cmd_ref_focus.htm ]
    The special keyword LICENSE requests using anything within the default focus.
    Because zSecure Alert can be run with execution-based pricing [when ordered separately] the ALERT* focus values are [the only ones] not part of the default.
    [ https://community.ibm.com/community/user/blogs/jeroen-tiggelman/2019/12/01/ibm-security-zsecure-administration-auditing-and-c ]
    So additionally requesting ALERTRACF [or ALERTACF2] to get alert specific content is required.
    My guess is that the AUDITRACF content is probably required here for the Extended Monitoring alerts. (And I suppose you could use ADMINRACF content for that, too.)

    The various FOCUS functionality requests set defaults for all sorts of lower level options as documented here:
    https://www.ibm.com/docs/en/szs/3.1.0?topic=collect-selecting-products-operation

    The CKF0182 documents whatever the effective settings eventually turn out to be.

    Over to René, I suppose :-)

    Regards,



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure
    Delft
    ------------------------------



  • 8.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 23 hours ago

    As Jeroen pointed out, you can easily find the parameters passed into CKFCOLL to produce the CKFREEZE data set.  This is where you can enter an L in front of the dsname in SE.1 Input set details, or go to IN.F after you have selected the CKFREEZE data set using SE.1.  Yes, you can also browse the CKFREEZE data set looking for record type x'FE'.

    However, from looking at the parameters you learn that an additional (and optional) DD name is used for input in the internal CKFCOLL run: INDD=SYSINCKF

    Lo and behold, there is documentation about this in https://www.ibm.com/docs/en/szs/3.1.0?topic=overview-supported-ddnames-zsecure-alert-started-task: some installations have an extra DD in their C2PCOLL proc with controls for their EM data collection. If you need to collect only some information in one of the LPARs, take a look at the IF statement in CKFCOLL.



    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 9.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Risking to state the obvious:

    • Your STC specifies the same configuration that you're looking at in ISPF SE.A.A?
    • You did check that the Alert configuration was refreshed (i.e. built into the production members, the ones without a V near the end)?
    • And finally, the C2PCUST that you are refreshing into is the same data set as the PARMLIB in the STC?


    ------------------------------
    Guus Bonnes
    ------------------------------



  • 10.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 2 days ago

    Afternoon Guus,
    Good questions! I believe the answer to all these questions is YES.

    I am thinking of issuing the DISPLAY command to the other C2POLIC instances. I think that will tell me if Extended Monitoring is on.

    Lennie




    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------



  • 11.  RE: zSecure Alert Extended Monitoring CKFREEZE datasets

    Posted 23 hours ago

    In addition to Guus' comments, note the difference between the F C2POLICE,REFRESH (to process the CARLa programs again and thus start a reporting cycle) and F C2POLICE,RESTART.  See the Installation and deployment manual.  This text states that REFRESH does not support the OPTION command, and Extended Monitoring is controlled with OPTION EXTMON() from the PPARM member.  So switching the Extended monitoring flag from SE.A.A and merely refreshing the set does not have the intended effect.



    ------------------------------
    Rob van Hoboken
    ------------------------------