IBM Security Z Security

 View Only

  • 1.  zSecure QRadar - CKR1296 error message not a CKFREEZE file

    Posted 22 days ago

    This is on zSecure 2.4.

    I am performing verification on QRADAR    zSecure Alert alert configuration

    I got an error on QRADARVO     Environment dependent selection criteria

    CKR1296 16 Not a CKFREEZE file - CKFREEZE PRN301 SYSU.CONSUL.DATA.AAIB.C2POLICE.CKFREEZE
    CKR2409 20 No valid CKFREEZE, terminating system initialization                

    This is what is being set up on QRadar

    RACF database . . . . . PRIMARY                   (PRIMARY or BACKUP)   
    Collect started task    C2PCOLL                                         
    CKFREEZE data set . . . SYSU.CONSUL.DATA.AAIB.C2POLICE.CKFREEZE         
    CKFREEZE Collect time   0100                      (Time of day in hhmm)          

    How to resolve this error? How to check if it is containing data confirming to CKFREEZE layout? Anything that I should check in job C2PCOLL?

    Thanks



    ------------------------------
    SALLY KWOK
    ------------------------------


  • 2.  RE: zSecure QRadar - CKR1296 error message not a CKFREEZE file

    Posted 22 days ago
    Edited by RENE van TIL 22 days ago

    Hi sally,

    it looks like the CKFREEZE is empty.

     

    "SYSU.CONSUL.DATA.AAIB.C2POLICE.CKFREEZE" is the input used by the alerts. This dataset is filled by the started task specified in "Collect started task" (C2PCOLL for you). So the name in this stc should match the one you specified here in the Alert UI.  You can force a new collect run to fill that CKFREEZE by issuing the MVS system command "F C2POLICE,COLLECT", If you used another name for the Alert started task replace C2POLICE with yours.

    cheers 

    rene



    ------------------------------
    RENE van TIL
    ------------------------------

    Original Message


  • 3.  RE: zSecure QRadar - CKR1296 error message not a CKFREEZE file

    Posted 21 days ago

    Thank you Rene. The issue is resolved now, I can do the verification. The CKFREZE dataset names in C2PCOLL and C2POLICE are different



    ------------------------------
    SALLY KWOK
    ------------------------------

    Original Message


  • 4.  RE: zSecure QRadar - CKR1296 error message not a CKFREEZE file

    IBM Champion
    Posted 21 days ago

    The name in the configuration of your QRADAR alert is only used for the verification step of the alert.  In theory, you can specify the name of any CKFREEZE data set, since, again, this is only used by the user ID that issues the V line command on the alert.

    In practice, you try to use the same dsname that is specified in the C2PCOLL started task, because this helps you identify code in installation defined alerts that would fail, due to the CKFREEZE lacking specific records, e.g., UNIX, due to options on the C2PCOLL parameters.

    By the way, the discrepancy between the dsnames is especially relevant for C2PCUST data sets shared between LPARs.  It is perfectly normal to have one C2PCUST that is ued by several LPARs, as long as those LPARs have similar security requirements + naming conventions.  You can even run the same alert configuration (set) on several LPARs.  In that case,  the alert set is verified on one system with one CKFREEZE, but used on several systems, each with their own, system-specific CKFREEZE.  So having CKFREEZE names different is ok.



    ------------------------------
    Rob van Hoboken
    ------------------------------

    Original Message


  • 5.  RE: zSecure QRadar - CKR1296 error message not a CKFREEZE file

    Posted 18 days ago

    Thanks Rob for the additional information



    ------------------------------
    SALLY KWOK
    ------------------------------

    Original Message