Greetings,
While using zSecure Alert, I noticed that some of the built-in alert IDs based around SMF events for RACF Commands (for example, #1119 / Non-expiring password enabled) do not have Command Logger information build-in the alert body text.
Thinking about attempting to have this information, I believe I'd have to create and modify my own custom alerts based on "newlist type=CKXLOG, with similar criteria to these alerts parsing the "command" string to have the "ticket_id" and "ticket_desc" fields available.
Before opening any RFEs, am I on the right track with my thinking here? And, is there any way to potentially tie the "SMF" event to the "CKXLOG" data?
The thought is that we'd want the Command Logger information if it exists, so we have an idea of "why" someone issued a command that triggered an active alert.
------------------------------
Adam Klinger
------------------------------