IBM i Global

 View Only
Expand all | Collapse all

Netserver Share Access Log

  • 1.  Netserver Share Access Log

    Posted Thu June 30, 2022 02:48 PM
    I'm looking for an existing log or a way to create a log of access to Netserver file shares. Ideally I would like user ID, source IP and share activity with a date/time stamp. Any ideas out there?

    ------------------------------
    <><><><><><><><><><>
    Jeffery Green
    Sr. Systems Engineer
    IBM Power / IBM i
    <><><><><><><><><><>
    ------------------------------


  • 2.  RE: Netserver Share Access Log

    IBM Champion
    Posted Thu June 30, 2022 03:14 PM
    From IBM i NetServer Basics

    Question:


    What exit points can be used to monitor NetServer activity and further control access to my i?

    Answer:

    The exit points used by the IBM i NetServer are the same as the exit points for the optimized file server and optimized network print server functions including the following:
     
    QIBM_QPWFS_FILE_SERV Exit point for file shares
    QIBM_QNPS_ENTRY Exit point called at print share server initialization
    QIBM_QNPS_SPLF Exit point called to process spooled file output

    They are documented in detail in IBM Documentation. Each of the following topics is a link to an IBM Documentation topic:

    Register exit programs (710)

    Exit program parameters (710)

    Examples: Exit programs (710)

    ------------------------------
    Jack Woehr
    IBM Champion 2021 -2022
    ------------------------------



  • 3.  RE: Netserver Share Access Log

    Posted Thu June 30, 2022 03:41 PM
    Thanks Jack, I think that will do what I need. I also found this document about exit points and Netserver if anyone else is looking at this. https://www.ibm.com/support/pages/ibm-i-netserver-basics-intro-netserver

    ------------------------------
    <><><><><><><><><><>
    Jeffery Green
    Sr. Systems Engineer
    IBM Power / IBM i
    <><><><><><><><><><>
    ------------------------------



  • 4.  RE: Netserver Share Access Log

    Posted Tue July 05, 2022 12:27 PM
    Hi Jeffrey,
    You might find a lot of that information in the CPIAD12 messages in the QZLSFILET job log.
    Unfortunately, the share being accessed is not in that message. You can see current shares by looking at the NetServer session list:
    https://www.ibm.com/docs/en/i/7.4?topic=netserver-viewing-i-session-connection-status
    Alternatively, SERVER_SHARE_INFO view:
    https://www.ibm.com/docs/en/i/7.4?topic=services-server-share-info-view

    You might want to vote for these "ideas" :
    https://ibm-power-systems.ideas.ibm.com/ideas/IBMI-I-2558
    https://ibm-power-systems.ideas.ibm.com/ideas/IBMI-I-2830

    Regards,
    Alex

    ------------------------------
    Alexander Marquis
    ------------------------------



  • 5.  RE: Netserver Share Access Log

    Posted Wed July 06, 2022 08:17 AM
    I think you'll want to look into the exit point QIBM_QPWFS_FILE_SERV.

    a web search should return some example code you can use for your needs.

    ------------------------------
    Bryan Dietz
    ------------------------------



  • 6.  RE: Netserver Share Access Log

    Posted Wed July 06, 2022 10:40 AM
    Hi Bryan, thanks for that. I've been looking at making an exit point program since Jack pointed it out and I'm not sure it's a good idea. I ran a 24 stats gather on Netserver and we had 3.5 million accesses in that time. My concern is that an exit point program could slow things down quite a bit with all those calls so now I'm looking at possibly just gathering data from the SERVER_SHARE_INFO view on a schedule to see overall usage. Any thoughts?

    ------------------------------
    <><><><><><><><><><>
    Jeffery Green
    Sr. Systems Engineer
    IBM Power / IBM i
    <><><><><><><><><><>
    ------------------------------



  • 7.  RE: Netserver Share Access Log

    IBM Champion
    Posted Thu July 07, 2022 08:37 AM
    Hi Jeffery,

    If you're on 7.4 or higher, you can always turn on authority collection for the directory shared, then review the connections in qsys2.authority_collection_fsobj for QLZSFILE/QZLSFILET jobs.

    Steve

    ------------------------------
    Steve Pitcher
    ------------------------------



  • 8.  RE: Netserver Share Access Log

    Posted Thu July 07, 2022 10:57 AM
    Hi Steve, thanks for that tip. We currently have 108 shares and I believe about 100 are no longer needed, so for the moment I need to verify which are no longer used and remove them. Once I get them cleaned up I will turn that on to log access.

    To get an idea of usage I'm running an SQL statement every 15 minutes to grab connections and write them to a file with a cumulative total of connects. 

    If anyone else is struggling with this my code to pull your current shares looks like this, I'm not a coder so apologies in advance if it's not the best!

    select server_share_name, path_name, permissions
    from qsys2.server_share_info
    where share_type = 'FILE'

    I created the file with an initial run, and now my code to pull the connections and write them to my file looks like this:
    MERGE INTO mylibrary.netsrv1 target USING (
    SELECT server_share_name,
    share_type,
    text_description,
    path_name,
    permissions,
    current_connections
    FROM qsys2.SERVER_SHARE_INFO
    ) source ON source.server_share_name = target.server_share_name
    WHEN NOT MATCHED THEN INSERT VALUES (
    source.server_share_name,
    source.share_type,
    source.text_description,
    source.path_name,
    source.permissions,
    source.current_connections
    )
    WHEN MATCHED THEN UPDATE SET current_connections = source.current_connections +
       target.current_connections

    Then when I want to see which connections had any usage I run this:
    Select * from mylibrary.netsrv1 where current_connections > 0

    ------------------------------
    <><><><><><><><><><>
    Jeffery Green
    Sr. Systems Engineer
    IBM Power / IBM i
    <><><><><><><><><><>
    ------------------------------



  • 9.  RE: Netserver Share Access Log

    Posted Thu July 07, 2022 08:41 AM
    i would not be a fan of the SQL way to go.
    so taking a different angle, how about a watch program?
    https://www.ibm.com/support/pages/strwch-watch-exit-programs-explained-cl-example
    watch for messages CPIAD12 and CPIAD13 in QZLSFILET and do something with the returned data. 


    ------------------------------
    Bryan Dietz
    ------------------------------



  • 10.  RE: Netserver Share Access Log

    IBM Champion
    Posted Mon July 11, 2022 07:56 AM
    Does anyone know what object the share list is stored in?  If so, if you turn on object auditing for that object would that help?  Probably wouldn't tell you what 'row' was accessed though.  I'm guessing it's a stream file.

    ------------------------------
    Robert Berendt
    ------------------------------



  • 11.  RE: Netserver Share Access Log

    Posted Mon July 11, 2022 11:47 AM
    The NetServer share list is stored in '/qibm/UserData/OS400/NetServer/QAZLSSHR'
    But auditing that would not provide the level of detail I believe Jeffrey is looking for.

    ------------------------------
    Alexander Marquis
    ------------------------------