How to know source of a message?

saikat89
Posted: Tue Dec 18, 2012 1:56 am    Post subject: How to know source of a message?

Novice

Joined: 06 Sep 2012
Posts: 15

Hi,


I have received some junk messages in my queue. How can I know which application/server has sent these messages?


If it can be known from the message header, how do I read the message header?


We are using HP-UX, MQ v7.

Regards,
saikat

McueMart
Posted: Tue Dec 18, 2012 2:02 am

Chevalier

Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere

The MQMD header is the first place you want to look for most 'meta-data' about the message. Read about its fields here: http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzak.doc/fr13050_.htm

To read the MQMD you could use a tool like RFHUTIL (IH03 SupportPac).

saikat89
Posted: Wed Dec 19, 2012 2:52 am

Novice

Joined: 06 Sep 2012
Posts: 15

Hi,

Thanks a lot for your reply.

The IBM official site says this particular SupportPac is to be used only for development and test environments.

But in our case it is a production environment. In this case, how can we read the MQMD data of the messages? How can we know the source application/server/IP of messages in a production environment?


Regards,
saikat

ramires
Posted: Wed Dec 19, 2012 3:23 am

Knight

Joined: 24 Jun 2001
Posts: 523
Location: Portugal - Lisboa

You can use the sample program provided with MQ called "amqsbcg" to browse messages in a queue. It will display the MQMD header.
_________________
Obrigado / Thanks you

saikat89
Posted: Wed Dec 19, 2012 3:48 am

Novice

Joined: 06 Sep 2012
Posts: 15

Hi,

I found the following output:


Quote:
C:\Users\530593>amqsbcg test QM1

AMQSBCG0 - starts here
**********************

MQOPEN - 'test'


MQGET of message number 1
****Message descriptor****

StrucId : 'MD ' Version : 2
Report : 0 MsgType : 8
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 1208
Format : 'MQSTR '
Priority : 0 Persistence : 0
MsgId : X'414D5120514D31202020202020202020843CCF5020007F02'
CorrelId : X'000000000000000000000000000000000000000000000000'
BackoutCount : 0
ReplyToQ : ' '
ReplyToQMgr : 'QM1 '
** Identity Context
UserIdentifier : '530593 '
AccountingToken :
X'16010515000000235F636B833D2B46828BA628958F0E0000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'Sphere MQ\bin\MQExplorer.exe'
PutDate : '20121219' PutTime : '11285096'
ApplOriginData : ' '

GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'

**** Message ****

length - 2 bytes

00000000: 6869 'hi '


MQGET of message number 2
****Message descriptor****

StrucId : 'MD ' Version : 2
Report : 0 MsgType : 8
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 1208
Format : 'MQSTR '
Priority : 0 Persistence : 0
MsgId : X'414D5120514D31202020202020202020843CCF5020007F04'
CorrelId : X'000000000000000000000000000000000000000000000000'
BackoutCount : 0
ReplyToQ : ' '
ReplyToQMgr : 'QM1 '
** Identity Context
UserIdentifier : '530593 '
AccountingToken :
X'16010515000000235F636B833D2B46828BA628958F0E0000000000000000000B'
ApplIdentityData : ' '
** Origin Context
PutApplType : '11'
PutApplName : 'Sphere MQ\bin\MQExplorer.exe'
PutDate : '20121219' PutTime : '11285563'
ApplOriginData : ' '

GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '-1'

**** Message ****

length - 5 bytes

00000000: 6865 6C6C 6F 'hello '



No more messages
MQCLOSE
MQDISC
C:\Users\530593>



How do I find the source application/server/IP of the messages from the above output? It's showing "PutApplName : 'Sphere MQ\bin\MQExplorer.exe'" since I used the put message option in MQ Explorer. Will it show some core banking application name/IP if it were put by that application in a remote queue on some other server?
On the IBM site it's showing the queue manager's name as the source application in the sample output (please see below):

Quote:
Figure 1. Typical results from queue browser

AMQSBCG0 - starts here
**********************

MQOPEN - 'SYSTEM.ADMIN.QMGR.EVENT'


MQGET of message number 1
****Message descriptor****

StrucId : 'MD ' Version : 2
Report : 0 MsgType : 8
Expiry : -1 Feedback : 0
Encoding : 546 CodedCharSetId : 850
Format : 'MQEVENT '
Priority : 0 Persistence : 0
MsgId : X'414D512073617475726E2E71756575650005D30033563DB8'
CorrelId : X'000000000000000000000000000000000000000000000000'
BackoutCount : 0
ReplyToQ : ' '
ReplyToQMgr : 'saturn.queue.manager '
** Identity Context
UserIdentifier : ' '
AccountingToken :
X'0000000000000000000000000000000000000000000000000000000000000000'
ApplIdentityData : ' '
** Origin Context
PutApplType : '7'
PutApplName : 'saturn.queue.manager '
PutDate : '19970417' PutTime : '15115208'
ApplOriginData : ' '

GroupId : X'000000000000000000000000000000000000000000000000'
MsgSeqNumber : '1'
Offset : '0'
MsgFlags : '0'
OriginalLength : '104'

**** Message ****

length - 104 bytes

00000000: 0700 0000 2400 0000 0100 0000 2C00 0000 '....→.......,...'
00000010: 0100 0000 0100 0000 0100 0000 AE08 0000 '................'
00000020: 0100 0000 0400 0000 4400 0000 DF07 0000 '........D.......'
00000030: 0000 0000 3000 0000 7361 7475 726E 2E71 '....0...saturn.q'
00000040: 7565 7565 2E6D 616E 6167 6572 2020 2020 'ueue.manager '
00000050: 2020 2020 2020 2020 2020 2020 2020 2020 ' '
00000060: 2020 2020 2020 2020 ' '

No more messages
MQCLOSE
MQDISC


If some application puts this message in a remote queue and it thus comes to the local queue, can I know the name of the application which put the message in the remote queue, or the IP on which the queue manager containing the remote queue is created?

Is there any way to trace the path of a particular message from source to destination? For example, application-->remote_queue--->TX queue------>_channel-->local queues with their IPs?


Actually, I need to know where some junk messages came to my local queue from.

Thanks a lot for your suggestions.

Regards,
Saikat
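
As an added example (not code from any poster or from IBM), the Python below pulls the origin-related MQMD fields out of amqsbcg output like the two listings quoted above and decodes the MsgId, which for a queue-manager-generated ID holds 'AMQ ' followed by the first 12 characters of the name of the queue manager where the message was put. The function names and the trimmed SAMPLE text are assumptions made for this example; the context fields are supplied by the putting side, so they are hints about origin rather than proof.

```python
import re

# Constructed sample: fields cut down from the two amqsbcg outputs quoted in the thread.
SAMPLE = r"""
MQGET of message number 1
MsgId : X'414D5120514D31202020202020202020843CCF5020007F02'
UserIdentifier : '530593 '
PutApplType : '11'
PutApplName : 'Sphere MQ\bin\MQExplorer.exe'
PutDate : '20121219' PutTime : '11285096'
MQGET of message number 2
MsgId : X'414D512073617475726E2E71756575650005D30033563DB8'
UserIdentifier : ' '
PutApplType : '7'
PutApplName : 'saturn.queue.manager '
PutDate : '19970417' PutTime : '15115208'
"""
FIELD = re.compile(r"(\w+)\s*:\s*X?'([^']*)'")
APPL_TYPES = {6: "MQAT_UNIX", 7: "MQAT_QMGR", 11: "MQAT_WINDOWS_NT", 28: "MQAT_JAVA"}  # subset

def msgid_qmgr(msgid_hex):
    """Queue manager name prefix from a queue-manager-generated MsgId, else None."""
    raw = bytes.fromhex(msgid_hex)
    if len(raw) == 24 and raw[:4] == b"AMQ ":
        return raw[4:16].decode("ascii", "replace").rstrip()
    return None  # application-supplied MsgId: says nothing about origin

def origin_summary(text):
    """One dict per browsed message with the origin-related MQMD fields."""
    msgs = []
    for line in text.splitlines():
        if line.strip().startswith("MQGET of message number"):
            msgs.append({})
        elif msgs:
            msgs[-1].update(FIELD.findall(line))
    rows = []
    for m in msgs:
        d, t = m.get("PutDate", ""), m.get("PutTime", "")
        rows.append({
            "msgid_qmgr": msgid_qmgr(m.get("MsgId", "")),
            "user": m.get("UserIdentifier", "").strip(),
            "appl_type": APPL_TYPES.get(int(m.get("PutApplType") or -1), "other"),
            "put_appl": m.get("PutApplName", "").strip(),
            "put_utc": f"{d[:4]}-{d[4:6]}-{d[6:]}T{t[:2]}:{t[2:4]}:{t[4:6]}.{t[6:]}Z",  # HHMMSSTH, GMT
        })
    return rows

if __name__ == "__main__":
    print(*origin_summary(SAMPLE), sep="\n")
```

A PutApplType of MQAT_QMGR, as in the second message, means the queue manager itself generated the message, which is why the IBM sample shows the queue manager name in PutApplName.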

mqjeff
Posted: Wed Dec 19, 2012 4:33 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

There is a debugging procedure, known as a 'scream test', that might be helpful in this situation.

Inform everyone you know that is supposed to be writing to your queue that it will be experiencing an 'outage' temporarily for maintenance.

Alter the queue to put-disable it.

Wait for someone to scream that their messages aren't getting processed.

zpat
Posted: Wed Dec 19, 2012 5:06 am

Jedi Council

Joined: 19 May 2001
Posts: 5866
Location: UK

saikat89 wrote:
Hi,

The IBM official site says this particular SupportPac is to be used only for development and test environments.

But in our case it is a production environment. In this case, how can we read the MQMD data of the messages? How can we know the source application/server/IP of messages in a production environment?


Regards,
saikat


It will still work, but I would use something better like MO71.

You can't find out the client IP address from the message.

mqjeff
Posted: Wed Dec 19, 2012 5:11 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

If you can identify the channel the messages are coming from, you can identify the queue manager they are being put to.

If you can identify the queue manager they are being put to, you can identify all of the applications that are connected to that queue manager.

If you can identify all the applications connected to a queue manager, you can identify what queues are being written to.

Or you can put an MCAUSER on the receiver channel (you should have one anyway) that is blocked from writing to the queue in question. That, again, should cause someone to scream - or at least cause messages to go to the DLQ on the sender side, which again should cause someone to say something.

The overall *correct* solution to this problem is to take the steps you should have taken in the first place to prevent it from being possible - that is, secure your entire qmgr network such that apps are only authorized to the correct things.

Then if junk messages show up somewhere you know where they have to have come from and can take steps to apply trout to the back sides of the app developer's heads.

vmcgloin
Posted: Wed Dec 19, 2012 5:12 am

Knight

Joined: 04 Apr 2002
Posts: 560
Location: Scotland

at scream test - very useful though

The IBM example you quote is showing the qmgr name because the queue being browsed is 'SYSTEM.ADMIN.QMGR.EVENT'.

You need to browse your junk message in situ on the original queue - however you might not find out much. If these junk messages are causing problems then perhaps you need to consider security... and restricting access to authorised users/applications.

mqjeff
Posted: Wed Dec 19, 2012 5:19 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

vmcgloin wrote:
at scream test - very useful though

Yes, in moderation...
vmcgloin wrote:
perhaps you need to consider security... and restricting access to authorised users/applications.

There is no perhaps.

Every single MQ network in existence needs to be secured with every single channel having mechanisms in place to restrict the authorities of incoming messages.

If I can connect to one queue manager in an unsecured network, I can reformat every hard drive on every machine that is reachable from that MQ network.

There is no 'perhaps' about MQ security.

Just allow unauthorized anonymous telnet, if you don't secure your queue managers.

vmcgloin
Posted: Wed Dec 19, 2012 5:25 am

Knight

Joined: 04 Apr 2002
Posts: 560
Location: Scotland

mqjeff wrote:
vmcgloin wrote:
at scream test - very useful though

Yes, in moderation...
vmcgloin wrote:
perhaps you need to consider security... and restricting access to authorised users/applications.

There is no perhaps.

Every single MQ network in existence needs to be secured with every single channel having mechanisms in place to restrict the authorities of incoming messages.

If I can connect to one queue manager in an unsecured network, I can reformat every hard drive on every machine that is reachable from that MQ network.

There is no 'perhaps' about MQ security.

Just allow unauthorized anonymous telnet, if you don't secure your queue managers.

Agreed. I was simply being less helpful and less forceful in my answer than you were when I cross posted.

mqjeff
Posted: Wed Dec 19, 2012 5:35 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

vmcgloin wrote:
Agreed. I was simply being less helpful and less forceful in my answer than you were when I cross posted.



I am actually much less forceful than I seem to be.

exerk
Posted: Wed Dec 19, 2012 8:26 am

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

mqjeff wrote:
I am actually much less forceful than I seem to be.

Very true...but he made me say that!
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

RogerLacroix
Posted: Wed Dec 19, 2012 5:31 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

saikat89 wrote:
C:\Users\530593>amqsbcg test QM1

MQOPEN - 'test'

MsgId : X'414D5120514D31202020202020202020843CCF5020007F02'
ReplyToQMgr : 'QM1 '
UserIdentifier : '530593 '
PutApplName : 'Sphere MQ\bin\MQExplorer.exe'
PutDate : '20121219' PutTime : '11285096'


MsgId : X'414D5120514D31202020202020202020843CCF5020007F04'
UserIdentifier : '530593 '
PutApplName : 'Sphere MQ\bin\MQExplorer.exe'
PutDate : '20121219' PutTime : '11285563'

Well, it appears that you put 2 messages on the queue 'test' using MQ Explorer.

saikat89 wrote:
MQOPEN - 'SYSTEM.ADMIN.QMGR.EVENT'

Do not mess with the queue manager's event queue.

saikat89 wrote:
If some application puts this message in a remote queue and it thus comes to the local queue, can I know the name of the application which put the message in the remote queue, or the IP on which the queue manager containing the remote queue is created?

If you have not implemented any security in MQ then anyone at any time can do anything to your messages, queues, channels, etc...

saikat89 wrote:
Is there any way to trace the path of a particular message from source to destination? For example, application-->remote_queue--->TX queue------>_channel-->local queues with their IPs?

See above. Implementing security is required!!

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!

saikat89
Posted: Wed Dec 19, 2012 10:04 pm

Novice

Joined: 06 Sep 2012
Posts: 15

Hi,

Can you please help me regarding:

1. What are the steps to secure the MQ network / apply MQ security features?

2. What am I supposed to recommend to the network team regarding securing the network from an MQ perspective?

3. If you could kindly guide us regarding the procedure for MQ hardening, I will be grateful.

If you can share some documents regarding this, it will be helpful.


Regards,
saikat


Last edited by saikat89 on Wed Dec 19, 2012 11:01 pm; edited 1 time in total