Hello,

I have been asked to investigate the use of z/Secure Alert to raise an alarm when the TCP/IP routing table changes.  

Can anyone confirm if this is possible?  Has anyone else had to implement such an alarm who is willing to share their experiences?

------------------------------
Many thanks,
Peter
------------------------------

The routing information is in newlist type=IP_ROUTE, see doc.

zSecure Alert (note the name, no slash ;-) ) has an automated configuration collector that runs every hour, and alerts are available to compare the CKFREEZE from this collect with the previous one.  This is referred to as extended monitoring and comes with several sample alerts, including some for the IP stack such as 1615.  You could create a new alert from this model and change the newlist type.

Note, this would tell you of configuration changes up to 1 hour after the fact, and would miss out when the change is reverted before the next collect.

Also, you have to activate extended monitoring, see the installation manual.