Hi Peter
zSecure Alert is (by definition) a real-time messaging tool, that is to say, SMF and WTO/SYSLOG messages are collected during a (configurable) interval of 60 seconds, processed to identify sequences during this (and an optional additional averaging) interval and, when specified thresholds are exceeded or selection criteria are met, a message is sent to the recipients.
Converting (what looks like) your existing batch job based message generator into a zSecure Alert message generator relies on:
- identifying the SMF records (or WTO messages) that indicate the event
- writing a CARLa SELECT command that spots these in the SMF stream
- writing the message generation code
all within the (zSecure option SE.A.A) ISPF application that controls the alert configuration.
Within these statements, you can refer to all the user's connect groups through the USER_GROUPS pseudo field, or to selected connect groups with the PRIV_USER_GROUPS field. You can reference the RACF privileges of the user by means of look-ups like userid:special or userid:uid=0, or use whitelist members as I mentioned in a previous forum entry.
The message format can be copied from existing alerts in an RFC 3164 syslog format or an (ArcSight) CEF format. Or you can write your own message generator using SORTLIST commands to mimic the messages from your existing batch job solution.
------------------------------
Rob van Hoboken
------------------------------