Author |
Message
|
J.D |
Posted: Wed Jan 27, 2010 4:51 pm Post subject: Detailed logs |
|
|
Voyager
Joined: 18 Dec 2009 Posts: 92 Location: United States
|
Hi All,
We have a requirement to record all the activity happens on MQ Server. Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User
I know many discussions happened before related to my topic but i didn't find right solution. I work for a retail client whose is implementing the PCI standards to secure the card holder data.
Thank You |
|
Back to top |
|
 |
mqjeff |
Posted: Thu Jan 28, 2010 4:57 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Why were the solutions you found not the "right" solution?
Be specific, and give examples. |
|
Back to top |
|
 |
gbaddeley |
Posted: Thu Jan 28, 2010 3:22 pm Post subject: |
|
|
 Jedi Knight
Joined: 25 Mar 2003 Posts: 2538 Location: Melbourne, Australia
|
MQ doesn't have any built in capability to do this. Are you only interested in remote or local applications connecting via MQ Client channels? What about local applications connecting via server binding? _________________ Glenn |
|
Back to top |
|
 |
bruce2359 |
Posted: Thu Jan 28, 2010 5:08 pm Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
Quote: |
Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User |
The only platform where this kind of information is readily available is (dare I say it?) mainframe z/OS. z/OS allows statistical and accounting, information, as well as security failures and successes, to be gathered via SMF (System Management Facility) records. _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
 |
J.D |
Posted: Thu Jan 28, 2010 5:44 pm Post subject: |
|
|
Voyager
Joined: 18 Dec 2009 Posts: 92 Location: United States
|
I just got an update from security folks that they looking for only MQ Admins login activity. |
|
Back to top |
|
 |
Vitor |
Posted: Thu Jan 28, 2010 9:18 pm Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
J.D wrote: |
I just got an update from security folks that they looking for only MQ Admins login activity. |
Which you can obtain from your use of sudo to access the generic mqm user id (which I believe you mentioned in one of your many other posts). _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Back to top |
|
 |
RogerLacroix |
Posted: Fri Jan 29, 2010 8:41 am Post subject: Re: Detailed logs |
|
|
 Jedi Knight
Joined: 15 May 2001 Posts: 3264 Location: London, ON Canada
|
Hi J.D.,
J.D wrote: |
We have a requirement to record all the activity happens on MQ Server. Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User |
Capitalware has 2 MQ security solutions that provide this type of logging for incoming connection requests:
- MQ Authenticate User Security Exit
- MQ Standard Security Exit
Please let me know if you have any questions or comments.
Regards,
Roger Lacroix
Capitalware Inc. _________________ Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
Back to top |
|
 |
bruce2359 |
Posted: Fri Jan 29, 2010 8:44 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9469 Location: US: west coast, almost. Otherwise, enroute.
|
Quote: |
I just got an update from security folks that they looking for only MQ Admins login activity. |
For clarity, does this mean that the security folks only want to know that someone with mqm authority logged in? Or after login exactly what they did with mq objects? _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Back to top |
|
 |
J.D |
Posted: Fri Jan 29, 2010 11:32 am Post subject: |
|
|
Voyager
Joined: 18 Dec 2009 Posts: 92 Location: United States
|
[quote="bruce2359"]
Quote: |
For clarity, does this mean that the security folks only want to know that someone with mqm authority logged in? Or after login exactly what they did with mq objects? |
On Unix, they can find out who logged in since we use sudo to mqm. They want to know what we did with MQ objects like browsing the Queues and changing parameters.
On Windows, we have 3rd party event management tool which shows success/failed logon activities. |
|
Back to top |
|
 |
J.D |
Posted: Fri Jan 29, 2010 12:18 pm Post subject: Re: Detailed logs |
|
|
Voyager
Joined: 18 Dec 2009 Posts: 92 Location: United States
|
Hi Roger,
Thanks for sending the links. I will look into these and get back to you. |
|
Back to top |
|
 |
|