Monitor Logs during I series data Transfer

AS/400 data transfer
Dear All,

I would like to know if there is a utility with which it is possible to monitor the data transfer done by users using I-Series Data Transfer.

Are any logs created for such transfers?

This is as a part of our audit requirements.

Thank you


Answer Wiki


The only native option IBM gives you is to open opsnav TCPIP servers and pull up server jobs, but this is pretty much useless. The way I do it is with a NetIQ exit program. PowerTech I think has the same capability and of course you could write your own. These packages allow you to limit incoming FTP to desired users or addresses and monitor them or just monitor for exceptions. Unfortunately this only covers incoming FTP. For outgoing FTP you would have to change the jobd for FTP server jobs, QTMFTPS to 0-4-*seclvl log cl commands *yes and manipulate the spooled files to a PF then use an RPG or SQL script to pull out a report.

BTW, if you are PCI audited and don’t have one of these security packages get ready to bite the bullet soon. PCI is going to get tougher every round for several years to come. We almost have all telnet on the iSeries, three systems and eight LPARs, requiring SSL to connect, and FTP won’t be far behind.

Discuss This Question: 1  Reply

  • TomLiotta
    <Disclaimer> I am currently a PowerTech employee, so take that into account if any bias or attempted influence seems to arise in what I write here. </Disclaimer>

    "Logs" may be of different kinds, depending on needs. For example, system audit journal or application database journal events are going to be "logged" regardless of what application grabs a file. FTP (server and client), System i Access File Transfer -- it won't matter. If your system audit rules are set up appropriately and your reporting of those events is appropriate, you're essentially covered for generating "logs".

    But it's not always easy to "report" journaled events. It can take some programming struggles, to get it right at first as well as to keep up with whatever PTFs and changes come out of IBM in new releases.

    Further, although a solid object-level security mechanism is supplied within i5/OS, application databases that have been around for years (decades?) aren't always easy to maintain in terms of appropriate security. Many apps are structured with menu-based security schemes that have no protection against the network interfaces that are commonly in use today. A file that is fully protected during green-screen work can be wide open for ODBC or other access methods.

    IBM realized that and created 'exit points' for most network access methods. These allow the insertion of custom programs that can supplement legacy security structures with additional and/or separate structures that apply to those network methods. You can write your own, since IBM documents the interfaces and their behaviors. Or you can purchase 3rd-party tools such as from PowerTech (or NetIQ or others). Like journal reporting, doing it yourself can take some programming struggles to master, especially keeping up to date with new releases.

    Note that 3rd-party tools should cover both FTP server and client transactions. I only know explicitly about PowerTech, but I'd be very surprised if others didn't also.

    Audit reports from 3rd-party tools would be based around how you configure the tools. Transactions are passed through the exit points to the programs from the vendors by the servers (e.g., by the FTP server.) Configuration of the tools may include whether or not a particular user is allowed to run such a transaction regardless of the user's authorities and whether or not additional audit notes ought to be recorded.

    Any of it can be done in house. I suspect that there are free-ware utilities available too. Whether or not such work passes PCI acceptance may be a very different issue.

    I can answer relatively specific questions and can discuss general overviews. My employers, of course, are going to hold me to a degree of confidentiality though. This is pretty much all I can say on the question asked. If a particular technical question arises, post it and I'll see what I can do.

    Tom
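An added example, not code from this thread or from any vendor named in it: a minimal CL exit program of the in-house kind discussed above, for the FTP server request validation exit point, which journals every file the server sends or receives and always allows the request. The exit point name QIBM_QTMF_SERVER_REQ and the VLRQ0100 parameter order are given from IBM's exit point documentation as best recalled and should be checked against your release; library AUDLIB, program FTPLOGX, journal XFERJRN and entry type 'FT' are hypothetical, and the journal is assumed to exist already.

```cl
/* FTPLOGX: added example exit program for exit point QIBM_QTMF_SERVER_REQ, */
/* format VLRQ0100. AUDLIB, FTPLOGX, XFERJRN and type 'FT' are hypothetical.*/
/* Register: ADDEXITPGM EXITPNT(QIBM_QTMF_SERVER_REQ) FORMAT(VLRQ0100) +    */
/*           PGMNBR(1) PGM(AUDLIB/FTPLOGX), then restart the FTP server.    */
PGM        PARM(&APPID &OPID &USRPRF &RMTIP &RMTIPLEN +
                &OPINFO &OPINFOLEN &ALLOW)
  DCL      VAR(&APPID)     TYPE(*INT)  LEN(4)   /* in: 1 = FTP server      */
  DCL      VAR(&OPID)      TYPE(*INT)  LEN(4)   /* in: 6 = send, 7 = recv  */
  DCL      VAR(&USRPRF)    TYPE(*CHAR) LEN(10)  /* in: session user        */
  DCL      VAR(&RMTIP)     TYPE(*CHAR) LEN(45)  /* in: variable length     */
  DCL      VAR(&RMTIPLEN)  TYPE(*INT)  LEN(4)
  DCL      VAR(&OPINFO)    TYPE(*CHAR) LEN(256) /* in: file name for 6, 7  */
  DCL      VAR(&OPINFOLEN) TYPE(*INT)  LEN(4)
  DCL      VAR(&ALLOW)     TYPE(*INT)  LEN(4)   /* out: 1 = allow          */
  DCL      VAR(&IP)        TYPE(*CHAR) LEN(45)
  DCL      VAR(&FILE)      TYPE(*CHAR) LEN(256)
  DCL      VAR(&OPC)       TYPE(*CHAR) LEN(2)
  DCL      VAR(&LEN)       TYPE(*INT)  LEN(4)
  DCL      VAR(&ENTRY)     TYPE(*CHAR) LEN(320)

  /* Monitor only: a logging failure must never block the transfer.        */
  MONMSG   MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(DONE))

  /* Record file transfers only; other operations pass straight through.   */
  IF       COND((&OPID *NE 6) *AND (&OPID *NE 7)) THEN(GOTO CMDLBL(DONE))

  /* The character parameters are variable length: copy only the bytes     */
  /* actually passed, clamped to the sizes declared above.                 */
  CHGVAR   VAR(&LEN) VALUE(&RMTIPLEN)
  IF       COND(&LEN *GT 45) THEN(CHGVAR VAR(&LEN) VALUE(45))
  IF       COND(&LEN *GT 0) THEN(CHGVAR VAR(&IP) VALUE(%SST(&RMTIP 1 &LEN)))
  CHGVAR   VAR(&LEN) VALUE(&OPINFOLEN)
  IF       COND(&LEN *GT 256) THEN(CHGVAR VAR(&LEN) VALUE(256))
  IF       COND(&LEN *GT 0) THEN(CHGVAR VAR(&FILE) VALUE(%SST(&OPINFO 1 &LEN)))

  /* Fixed layout for reporting: op(2) user(10) address(45) file(256).     */
  CHGVAR   VAR(&OPC) VALUE(&OPID)
  CHGVAR   VAR(&ENTRY) VALUE(&OPC *CAT &USRPRF *CAT &IP *CAT &FILE)
  SNDJRNE  JRN(AUDLIB/XFERJRN) TYPE('FT') ENTDTA(&ENTRY)

DONE:      CHGVAR VAR(&ALLOW) VALUE(1)
ENDPGM
```

The entries are written with journal code U and can be extracted with DSPJRN to an output file for RPG or SQL reporting. This covers the FTP server only; System i Access data transfer and the FTP client pass through their own exit points and need their own programs.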
