Site FAQ

Home > IT Answers > AS/400 > QAUDJRN immediate alert when QSECOFR password is entered incorrect or User Profile becomes disabled

Mutkey

0 pts.

QAUDJRN immediate alert when QSECOFR password is entered incorrect or User Profile becomes disabled

AS/400

Hi there; I have asked this question before, however I must have explained it wrong. I am trying to achive is the following: 1 - *AUTFAIL is on for QSECOFR in QAUDJRN 2 - if entry for "Wrong password entered" is added to QAUDJRN for QSECOFR I need to be alerted immediately, Message to a specific message queue is fine, other ways also accepted. 3 - if entry for "User Profile disabled" is added to QAUDJRN for QSECOFR I need to be alerted immediately, Message to a specific message queue is fine, other ways also accepted. Any ideas? If I create a "looping" program to review QAUDJRN, it consumes too much system resources. I need the notification to occur upon any of the above entries being added to the QAUDJRN. Bruno (aka Mutkey)

Software/Hardware used:

ASKED: September 15, 2005 5:32 PM

UPDATED: November 17, 2009 10:00 PM

RELATED QUESTIONS

Answer Wiki:

www.halcyonsoftware.com sell a product called "Audit Journal Monitor" which provides real time escalation of QAUDJRN entries, including (and I quote).... "Quickly detect when invalid attempts are made to signon - especially if this happens to be QSECOFR" www.ahtechnology.com.au also sell an equivalent product called Audit+++ that claims to do the same thing. The existence of these 2 products means that it is possible to write a real time monitor for QAUDJRN that doesn't screw the system (you would hope). Personally, I would have thought that a CLP that uses RTVJRNE ENTTYP(PW) in a never ending loop, with an updated FROMTIME/TOTIME range wouldn't be intrusive (I just ran DSPJRN for a 10 second period and the response was instantaneous) Alternatively, you could just create QSYSMSG message queue in QSYS. Disabled profile messages (CPF1393) are sent there, as well as QSYSOPR. Put QSYSMSG into *BREAK (it only receives security messages, unlike QSYSOPR). See... http://search400.techtarget.com/tip/0,289483,sid3_gci1019072,00.html

www.halcyonsoftware.com sell a product called "Audit Journal Monitor" which provides real time escalation of QAUDJRN entries, including (and I quote)....

"Quickly detect when invalid attempts are made to signon - especially if this happens to be QSECOFR"

www.ahtechnology.com.au also sell an equivalent product called Audit+++ that claims to do the same thing.

The existence of these 2 products means that it is possible to write a real time monitor for QAUDJRN that doesn't screw the system (you would hope).

Personally, I would have thought that a CLP that uses RTVJRNE ENTTYP(PW) in a never ending loop, with an updated FROMTIME/TOTIME range wouldn't be intrusive (I just ran DSPJRN for a 10 second period and the response was instantaneous)

Alternatively, you could just create QSYSMSG message queue in QSYS. Disabled profile messages (CPF1393) are sent there, as well as QSYSOPR. Put QSYSMSG into *BREAK (it only receives security messages, unlike QSYSOPR). See...
http://search400.techtarget.com/tip/0,289483,sid3_gci1019072,00.html

Last Wiki Answer Submitted: September 16, 2005 3:38 am by PaulThomas

0 pts.

All Answer Wiki Contributors: PaulThomas

0 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Sep 16, 2005 3:35 PM (GMT)

Know you have targetted your source of information (a journal or a message queue, it’s quite the same thing)

Now, you can tune resource consumption by running at priority 90 and sleeping enough between each run, depending on what means immediatly for you (milli seconds ? seconds ? minute ? more ?)

On my side, I inspect QSYSOPR each 1/4 hour for all gravity>40, it’s enough

JPLamontre

0 pts.

POSTED: Nov 11, 2009 4:18 AM (GMT)

The simplest resolution is to leave QSECOFR as disabled. There shouldn’t be more than a few times a year when you’d need it *ENABLED — version/release upgrades, cumulative and maybe a couple group PTF applications. When else should it ever be enabled?

Tom

TomLiotta

108,135 pts.

POSTED: Nov 17, 2009 10:00 PM (GMT)

This is an old question and hopefully you’re already using iNav for this.
Open ISeries Navigator
Expand Management Central
Expand Monitors
Right click on Message then New Monitor
Name your monitor with description then click on the Message Tab
From here you can add specific MSGIDs or a generic range and use the trigger or reset command to email or text to your cell phone when the error occurs

Whatis23

5,665 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags