| Author |
Message
|
| J.D |
 Posted: Wed Jan 27, 2010 4:51 pm Post subject: Detailed logs |
 |
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
Hi All,
We have a requirement to record all the activity happens on MQ Server. Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User
I know many discussions happened before related to my topic but i didn't find right solution. I work for a retail client whose is implementing the PCI standards to secure the card holder data.
Thank You |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu Jan 28, 2010 4:57 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
Why were the solutions you found not the "right" solution?
Be specific, and give examples. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu Jan 28, 2010 3:22 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
MQ doesn't have any built in capability to do this. Are you only interested in remote or local applications connecting via MQ Client channels? What about local applications connecting via server binding?
_________________
Glenn |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Jan 28, 2010 5:08 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User |
The only platform where this kind of information is readily available is (dare I say it?) mainframe z/OS. z/OS allows statistical and accounting, information, as well as security failures and successes, to be gathered via SMF (System Management Facility) records.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| J.D |
| Posted: Thu Jan 28, 2010 5:44 pm Post subject: |
|
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
| I just got an update from security folks that they looking for only MQ Admins login activity. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jan 28, 2010 9:18 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| J.D wrote: |
| I just got an update from security folks that they looking for only MQ Admins login activity. |
Which you can obtain from your use of sudo to access the generic mqm user id (which I believe you mentioned in one of your many other posts).
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Fri Jan 29, 2010 8:41 am Post subject: Re: Detailed logs |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi J.D.,
| J.D wrote: |
We have a requirement to record all the activity happens on MQ Server. Any User who connects/login to MQ should be included in log entries (User might be an application or MQ Admin). Our Security folks are expecting the following events:
User identification, Date and Time, Success or Failure and IP Address of User |
Capitalware has 2 MQ security solutions that provide this type of logging for incoming connection requests:
- MQ Authenticate User Security Exit
- MQ Standard Security Exit
Please let me know if you have any questions or comments.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Fri Jan 29, 2010 8:44 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| I just got an update from security folks that they looking for only MQ Admins login activity. |
For clarity, does this mean that the security folks only want to know that someone with mqm authority logged in? Or after login exactly what they did with mq objects?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| J.D |
| Posted: Fri Jan 29, 2010 11:32 am Post subject: |
|
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
[quote="bruce2359"]
| Quote: |
For clarity, does this mean that the security folks only want to know that someone with mqm authority logged in? Or after login exactly what they did with mq objects? |
On Unix, they can find out who logged in since we use sudo to mqm. They want to know what we did with MQ objects like browsing the Queues and changing parameters.
On Windows, we have 3rd party event management tool which shows success/failed logon activities. |
|
| Back to top |
|
|
| J.D |
| Posted: Fri Jan 29, 2010 12:18 pm Post subject: Re: Detailed logs |
|
|
Voyager
Joined: 18 Dec 2009
Posts: 92
Location: United States
|
Hi Roger,
Thanks for sending the links. I will look into these and get back to you. |
|
| Back to top |
|
|
|
|
