| Author |
Message
|
| DarXide |
 Posted: Sun Jun 20, 2010 9:55 pm Post subject: who connecting to my qmgrs |
 |
|
Apprentice
Joined: 02 Dec 2007
Posts: 43
Location: israel
|
hii
how i can folow connections to my qmgr ( IP / username ) ?
is there some tool that do that ? |
|
| Back to top |
|
 |
| gbaddeley |
| Posted: Sun Jun 20, 2010 10:01 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
What to you mean by "follow" ?
Look at the DISPLAY CONN and DISPLAY CHSTATUS commands.
_________________
Glenn |
|
| Back to top |
|
|
| zpat |
| Posted: Sun Jun 20, 2010 11:20 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
You can see current connections in various ways, I prefer support pac M071.
To see a history of connections, I use the free exit BlockIP2 suitably configured. |
|
| Back to top |
|
|
| DarXide |
| Posted: Sun Jun 20, 2010 11:34 pm Post subject: |
|
|
Apprentice
Joined: 02 Dec 2007
Posts: 43
Location: israel
|
i want to know who connected to the QMGR last month
i need something that will log the connection to qmgr
why i need it ? its a demend from the security department |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 21, 2010 12:33 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| I answered the question - what more do you want? |
|
| Back to top |
|
|
| DarXide |
| Posted: Mon Jun 21, 2010 1:59 am Post subject: |
|
|
Apprentice
Joined: 02 Dec 2007
Posts: 43
Location: israel
|
where i can dowload it ?
it can show who changed mq objects ? |
|
| Back to top |
|
|
| zpat |
| Posted: Mon Jun 21, 2010 2:36 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Download from here http://mrmq.dk/
Set the security exit & security exit data values on all the relevant channels (SVRCONN ones primarily) to enable it.
It does not audit MQ object changes, however if you secure your QM properly then this is not really an issue.
Use a BlockIp2 ini file something like this to log all access (but not deny it)
| Code: |
LogPath=/var/mqm/exits64;
LogFormat=N;
LogCount=8;
BlockMqmUsers=N;
AllowBlankUserID=Y;
LogFileName=WMQTRC-;
#
|
|
|
| Back to top |
|
|
| mqjeff |
| Posted: Mon Jun 21, 2010 2:39 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You can also look at SupportPac MA0Z.
But if you haven't secured your queue manager, it's not clear you can trust that whoever is connecting will tell you who they are or that you can trust what they say. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Mon Jun 21, 2010 3:38 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| zpat wrote: |
| ...To see a history of connections, I use the free exit BlockIP2 suitably configured. |
BlockIP2 can log connections via MQ channels, but it does not log direct binding connections.
_________________
Glenn |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Jun 21, 2010 4:36 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| i want to know who connected to the QMGR last month |
Last month has passed. If you do not already have any tracking solution installed and operating, you will not be able to determine who connected in the past.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| shashivarungupta |
| Posted: Fri Jul 02, 2010 9:24 am Post subject: |
|
|
Grand Master
Joined: 24 Feb 2009
Posts: 1343
Location: Floating in space on a round rock.
|
| bruce2359 wrote: |
| Quote: |
| i want to know who connected to the QMGR last month |
Last month has passed. If you do not already have any tracking solution installed and operating, you will not be able to determine who connected in the past. |
Very True !
If a store does'nt have a camera setup, how would it come to know who all visited yesterday or days before.
I agree with zpat too.. similar to that Capitalware also gives the facility to log the events ( like connection acceptance / rejection ). But for that you got to setup MQAUSX security exit !!
_________________
*Life will beat you down, you need to decide to fight back or leave it. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Sat Jul 03, 2010 9:41 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| shashivarungupta wrote: |
| Capitalware also gives the facility to log the events ( like connection acceptance / rejection ). But for that you got to setup MQAUSX security exit !! |
By default, MQAUSX will have today's log file plus the 9 previous (day) log files. You can configure the 'BackupLogFileCount' to be any value you want. i.e. 30, 60, 90, etc... Note: You need to make sure you have enough disk space. 
You can externalize (use crontab) the log file rotation by setting 'RotateLogDaily' to N and use the supplied RotateLog.sh or RotateLog.bat script. You can even extend the script to zip / compress the backup log files to save on space.
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
