| Author |
Message
|
| PeterPotkay |
 Posted: Wed Sep 16, 2015 6:57 am Post subject: Configuration Events - What's out there to process them? |
 |
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
I am looking for a Support Pack or Vendor product or Open Source bunch of code that will MQGET all messages off all SYSTEM.ADMIN.CONFIG.EVENT queues and do something useful with them:
Something as simple as put them into a big log file, so I have a stream of changes in one file.
Or put them into a DB and stick a pretty GUI front end on that DB to assist with on demand reporting.
Some sort of alerting when config events that meet my criteria are seen.
What's out there?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Wed Sep 16, 2015 7:04 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Sep 16, 2015 3:47 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Thanks Jeff, MH05 looks promising.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Sep 16, 2015 8:06 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You may also want to look at MS0P. It is packaged as an Eclipse Plugin and likes the event queues to end with the word .EVENT... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Sep 17, 2015 3:29 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| fjb_saper wrote: |
| You may also want to look at MS0P. It is packaged as an Eclipse Plugin and likes the event queues to end with the word .EVENT... |
Yeah, I got MS0P and it works well for manual inspecting the messages. I'm looking to automate the process.
Conceptually I want to stream all config events from all QMs in my environment to a single "app" that consumes and records them for future analysis. Changing the SYSTEM.ADMIN.CONFIG.EVENT queues to Alias queues that point at Topics is a interesting idea in the MH05 Support Pack. I can make an administrative subscription pointing at the input queues at a central location that MH05 or something else reads from and permenently records into a database. Because SYSTEM.ADMIN.CONFIG.EVENT is at that point Pub/Sub, if another app or monitoring tool also needs these events, no problemo.
Maybe a little WMB flow deployed to a couple of Brokers can consume these Config Events and insert them into the DB.
Yeah, I know, this problem is relatively trivial for a real developer who could whip up an app to consume the messages, insert into the DB, and build a front end for the DB. I am not a real developer, nor do I have the time to bumble my way thru this. That's why I threw the question out there.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Thu Sep 17, 2015 3:41 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
| PeterPotkay wrote: |
Maybe a little WMB flow deployed to a couple of Brokers can consume these Config Events and insert them into the DB.
|
Don't forget the remote MQ connection feature of V10. Might only need it on one broker.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Sep 17, 2015 3:52 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I thought MSOP was more interesting as MH05 because it does not just dump the pcf but kind of interprets it for you...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Sep 17, 2015 3:55 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| smdavies99 wrote: |
| PeterPotkay wrote: |
Maybe a little WMB flow deployed to a couple of Brokers can consume these Config Events and insert them into the DB.
|
Don't forget the remote MQ connection feature of V10. Might only need it on one broker. |
Well, multiple Brokers still for H.A. reasons, but yes, that is another option - that way all the config events can reside on the QM that created them, and be consumed by the IIB 10 client connections that race for them and insert them into a central DB.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| tczielke |
| Posted: Thu Sep 17, 2015 4:22 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
| PeterPotkay wrote: |
| Conceptually I want to stream all config events from all QMs in my environment to a single "app" that consumes and records them for future analysis. |
From an auditing stand point of who made the configuration changes, just curious on if/how people handle the issue of the administrator doing the changes under the mqm id (i.e. Unix/Linux). If you make the configuration change after doing saying a su to the mqm id, it looks like mqm shows up in the configuation event information on who did the change, and then you lose the accountability on who actually made the change.
_________________
Working with MQ since 2010. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Sep 17, 2015 4:34 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| tczielke wrote: |
| PeterPotkay wrote: |
| Conceptually I want to stream all config events from all QMs in my environment to a single "app" that consumes and records them for future analysis. |
From an auditing stand point of who made the configuration changes, just curious on if/how people handle the issue of the administrator doing the changes under the mqm id (i.e. Unix/Linux). If you make the configuration change after doing saying a su to the mqm id, it looks like mqm shows up in the configuation event information on who did the change, and then you lose the accountability on who actually made the change. |
Thankfully Unix/Linux keeps track of who was sudo'd in as whom. (if configured to do so).
With the event message having a timestamp you should be able to figure out who did the change...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| tczielke |
| Posted: Thu Sep 17, 2015 4:38 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
That would help narrow it down, but there is always the possibility that several people could be on the server at the same time and did a sudo to mqm.
We have a script here where we track what user id is running under mqm by doing the following:
who -m 2>/dev/null|awk '{print $1}'
It might be helpful if the configuration events (for Unix based systems) would check if stdin is owned by another user id, and then record that somewhere in the configuration event.
_________________
Working with MQ since 2010. |
|
| Back to top |
|
|
| tczielke |
| Posted: Thu Sep 17, 2015 11:29 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Sep 17, 2015 3:15 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
What about when the change is made as mqm but over a client channel. Would be good for the Config Events to capture the source IP address. And if CHLAUTH was used to map to mqm from a client ID, what that client ID was.
More diagnostic / forensic info is always good.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| tczielke |
| Posted: Fri Sep 18, 2015 4:26 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
I agree that it would be helpful to have that in there, as well. I see you updated the RFE with those comments, too. Thanks!
_________________
Working with MQ since 2010. |
|
| Back to top |
|
|
|
|
