Global Security Forum

 View Only
  • 1.  [*Newsletter*] RE: Global Security Forum : ZALERT

    Posted Wed September 11, 2024 04:08 AM

    <c-wiz jsrenderer="FhfY2b" aria-labelledby="ucj-12" role="region" tabindex="-1" jsshadowjsdata="deferred-c632" data-p="%.@.]" jscontroller="CTfTTd" jsaction="eLAnNe:yz7ijf;F5MSFd:twqeXd;UgEtGb:EBJDh;qE2zJe:QgB2Sb;fBzasf:i3JB,qZLKif,YcUd2b,onpymd;Qz4V0b:NmMuHe;" jsname="e79Xi" data-node-index="3;0" jsmodel="hc6Ubd" c-wiz="" style="-webkit-tap-highlight-color: transparent; contain: style; display: block; -webkit-box-flex: 1; flex: 1 1 0%;">
    Alert id 4001
    </c-wiz>

       Date and time   11Sep2024 08:58:18.38    WTO message     $HASP395 LOGTODS2 ENDED - RC=0000    System ID       TST2 
    Hi how can I create an alert for logoff users excluding job logoffs as shown in the figure: Thanks for your time and courtesy




    Da: Maurizio Bonelli
    Inviato: lunedì 5 agosto 2024 11:44
    A: IBMTECHXCHANGECOMMUNITY-globalsecurityforum@ConnectedCommunity.org
    Oggetto: Re: [*Newsletter*] RE: Global Security Forum : ZALERT
     

    Hi Rob van Hoboken sorry again because the alert 1701 doesn't work for me I did what is written in the manual To receive this alert, you must have SETROPTS setting SAUDIT, AUDIT(USER), or AUDIT(GROUP) enabled but it doesn't work for me I'm really hopeless. Only when you have time please answer me By Maurizio




    Da: Maurizio Bonelli
    Inviato: lunedì 5 agosto 2024 10:24
    A: IBMTECHXCHANGECOMMUNITY-globalsecurityforum@ConnectedCommunity.org
    Oggetto: Re: [*Newsletter*] RE: Global Security Forum : ZALERT
     

    You are absolutely right Thank you for your kindness and time Best regards





  • 2.  RE: [*Newsletter*] Global Security Forum : ZALERT

    Posted Thu September 12, 2024 03:56 AM
    Edited by Rob van Hoboken Thu September 12, 2024 03:57 AM

    Hi Maurizio.

    There is a forum for Z Security that is more appropriate for zSecure Alert and other z/OS topics, go to IBM Security for Z.

    About your alerts for TSO (?) sessions, you could check the field JOBID to see if this starts with T, like so:

    Make a copy of alert 1101, edit the skeleton, change the select command into:

    select likelist=recent type=30(5) jobid=T*

    Of course you also fix the alert message text.  Save the skeleton.

    Check the SMF record type in the alert specification panel: it should be

    Change data source filter: SMF type 30(5)



    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 3.  RE: [*Newsletter*] Global Security Forum : ZALERT

    Posted Fri September 13, 2024 03:34 AM

    Hi Rob van Hoboken sorry to bother you, but thank you for the advice you give me, I ask you kindly from which alert can I create an Alert for a USR LOGOFF?? Sorry again and have a good weekend








  • 4.  RE: [*Newsletter*] Global Security Forum : ZALERT

    Posted Fri September 13, 2024 04:09 AM

    Hi Maurizio

    As I wrote yesterday, you can create a custom alert (installation specific alert) by copying alert 1101: use the C line command in the alert selection list.  This is an SMF based alert where you can process SMF record type 30, subtype 5, to trigger on job end.  By selecting only jobs with a job-id T* you select TSO logoff.

    Also, it would be convenient if you subscribe to the IBM Z SECURITY group, where more zSecure discussions take place.



    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 5.  RE: [*Newsletter*] Global Security Forum : ZALERT

    Posted Thu September 19, 2024 10:07 AM

    Hi how can I capture this msg as wto I want to capture only the CZ1* and not others like C2P or other: =COLS> ----+----5----+----6----+----7----+----8 160458 U05335 00000090 $HASP395 CZ1SBM2 ENDED i wrote it like this but i capture them all: )IM C2PSGNEW define waitstate as substr(record,67,14), where msgid=('CZ1 ' 'ENDED') select likelist=WTOrec msgid=($HASP395,'CZ1 ' 'ENDED') select likelist=WTOrec waitstate=D0D-00 Sorry if I always bother you but i thank you in advance and i wish you a good weekend Maurizio