IBM Security Z Security

  • 1.  Suppress the CKR1788 message from C2POLICE.

    Posted Tue October 22, 2024 10:27 AM

    Hi,

    I am receiving a CKR1788 04 CKRCFV message about the file system audit ID because it is not unique to my system.

    I want to suppress the CKR1788 message, because there are a lot of non-unique files. How can I do so by coding SUPPRESS MSG=1788? I couldn't find where to code SUPPRESS MSG=1788 in C2POLICE.

    Regards,

    Kayhan Tanrıverir

     


    ------------------------------
    Regards
    ________________________
    Kayhan TANRIVERİR
    Sn. Systems Programmer & Consultant
    VBT Yazılım A.Ş
    www.vbt.com.tr
    ------------------------------


  • 2.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted Tue October 22, 2024 11:32 AM

    Hi Kayhan,

    The return code of CKR1788 is already changed from 20 to 4 in C2PSGLOB via an OPTION statement. You can copy C2PSGLOB from SCKRSLIB to your C2PCUST dataset but with a different name. In it you can either add an extra suppress or change the RC for CKR1788 to 0. To activate this you can specify your "member" in (see bottom of screenprint)

      Menu         Options       Info    Commands     Setup                        
    -------------------------------------------------------------------------------
                             zSecure Suite - Setup - Alert                         
    Command ===>                                                                   
                                                                                   
    Name  . . . . . . . . . RENE1                     (also report member)         
    Description . . . . . . RENE1                                                  
                                                                                   
    You might need to scroll forward/backward to view all parameters               
                                                                                   
    SMTP node . . . . . . . TVT6089                                                
    SMTP sysout . . . . . . B                                                      
    SMTP writer . . . . . . SMTP                                                   
    SMTP atsign . . . . . . @                                                      
    SMTP CCSID  . . . . . . 01047                                                  
    User CCSID  . . . . . . 01047                                                  
                                                                                   
    Interval  . . . . . . . 60                        (in seconds)                 
    Environment refresh . . 10                        (in minutes)                 
    Use internal refresh                              (Y/N/blank)                  
    WLM serviceclass SYSSTC                           (Y/N/blank)                  
    Average . . . . . . . . 300                       (in seconds)                 
    Buffer size . . . . . . 25     MB                 (in KB/MB)                   
    Number of buffers . . . 32                                                     
    TCP keepalive interval                            (in seconds)                 
    TCP connect when needed                           (Y/N/blank)                  
                                                                                   
    RACF database . . . . . PRIMARY                   (PRIMARY or BACKUP)          
    Collect started task    ALERTC                                                 
    CKFREEZE data set . . . ALERT.CKFREEZE                                         
    CKFREEZE Collect time   0100                      (Time of day in hhmm)        
    Collect stagger time                              (Time offset in hhmm)        
    Show SMF statistics . . Y                         (Y/N/blank)                  
                                                                                   
    Extended Monitoring . . N                         (Y/N)                        
    Snapshot retention  . . 2                         (Number of hours, 2-99)      
                                                                                   
       Suppress copy of UNIX syslog message in SYSPRRPT                            
                                                                                   
                                                                                   
    Enter / to view/edit the global CARLa skeleton                                 
    e  Skeleton             C2PSRENE                                               

    Verify it, and in the report member there should be your suppress or option statements.

    cheers

    rene



    ------------------------------
    RENE van TIL
    ------------------------------



  • 3.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted Tue October 22, 2024 12:38 PM

    Hi Rene

    I am not thrilled by the idea of saving a copy in time of C2PSGLOB, because future fixes to C2PSGLOB (in SC2PSLIB) would then be hidden.

    It would be safer to create a member, e.g., C2PU1788, in the C2PCUST data set, containing

    )IM C2PSGLOB
    SUPPRESS MSG=1788

    and writing the member name C2PU1788 in the Skeleton field that you pointed out.  This keeps the original global skeleton for any future maintenance.



    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 4.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted 30 days ago

    Hi Rob,

    I too am getting many of these messages in C2PDEBUG DD. I tried adding the SUPPRESS MSG=1788 as you suggested but I am still seeing the message.

    Here's what I've done:

    Create member C2PU1788 in C2PCUST with the two lines as suggested.
    Edit the Alert configuration.

    Enter the C2PU1788 member name in the Skeleton field.

    Verify the configuration.

    Refresh the configuration.

    Did I miss something on making this change?



    ------------------------------
    David Low
    ------------------------------



  • 5.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted 30 days ago
    Edited by Rob van Hoboken 30 days ago

    Hi David

    You can do some debugging to check that your new skeleton member is actually used.  Just add a CARLa comment statement at the beginning and end, like so:

    /* C2PU1788 starts here */
    )IM C2PSGLOB
    SUPPRESS MSG=1788
    /* C2PU1788 ends */

    Then do your verify & refresh and check the alert reporting member in C2PCUST.  The member name is equal to the alert set name, it is generated from all the skeletons and should hold the 2 comments.  If the comments are missing, the old C2PSGLOB is still used.

    As an alternative to the method of using an installation-specific version of C2PSGLOB, you could just edit the common customization members C2PXDEF1. Just add the SUPPRESS command and the comment like so, and verify & refresh:

    /* C2PXDEF1 starts here */
    SUPPRESS MSG=1788
    /* C2PXDEF1 ends */


    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 6.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted 20 days ago

    I couldn't get the first solution to work, but your alternative solution using C2PXDEF1 is working. Thanks, Rob!



    ------------------------------
    David Low
    ------------------------------



  • 7.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted 30 days ago

    The C2PDEBUG file uses I/O buffers, so depending on how exactly the output file is allocated you may be looking at messages from the previous C2POLICE cycle.  You need to check the timestamp (on the first line of the message file, if I remember it right) to see how old the messages are.

    In fact, when I wrote alert skeletons, I would typically issue F C2POLICE,REFRESH a 2nd time before seeing the messages from the new alert code show up in C2PDEBUG.  This 2nd REFRESH would force out the buffer from the messages of the 1st REFRESH,  if you get my drift.  Very confusing, until you remember the effect of I/O buffering.



    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 8.  RE: Suppress the CKR1788 message from C2POLICE.

    Posted 29 days ago
    Hi Rob,

    I applied your recommended alternative method. 
    I edited the common customisation members C2PXDEF1 and added the SUPPRESS command. 
    After the verify and refresh, the CKR1788 04 message was suppressed. 
    Thank you.


    Regards

    ________________________________________________

    Kayhan TANRIVERİR
    Senior Systems Programmer & Consultant

    VBT Yazılım A.Ş

    www.vbt.com.tr   
     
     

     
