What message ID should be used when setting up a filter for PSDetect to monitor rejected entries com (NETIQKB37987)

  • Document ID:7737987
  • Creation Date:02-Feb-2007
  • Modified Date:08-Oct-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

goal
What message ID should be used when setting up a filter for PSDetect to monitor rejected entries coming from Remote Request Management? 

fact
VigilEnt Security Agent for PSSecure 7.5

fact
VigilEnt Security Agent for iSeries PSSecure 7.0

fact
VigilEnt Security Agent for PSDetect 7.5

fact
VigilEnt Security Agent for iSeries PSDetect 2.2

fix

PS10001 is the message ID that should be used when setting up a filter for PSDetect to monitor for rejected transactions coming from Remote Request Management.  See below for an example of how to set up the filter in PSDetect.

  1. From the PSDetect main menu take Option 3 Work With Alert Filters, and press Enter. 

  2. Indicate 5=Work with Filters, next to the PSDAPI Alert Queue, and press Enter.

  3. Press F6=Create to create a new filter, and press Enter.

  4. In the Filter sequence field indicate a unique sequence number.

  5. In the Filter description field indicate a description that will help identify the filter.  

  6. Indicate Any in the Alert type field.

  7. Indicate 00 in the Severity filter field.

  8. In the Time range field indicate the time range that you want to monitor for rejected transactions.

  9. In the Monitor on days fields indicate a Y in the days you wish to monitor for rejected transactions, and press Enter.

  10. In the Select or Omit field indicate S=Select.

  11. In the Message ID field indicate PS10001.

  12. In the System name field indicate *All.

  13. In the Retrieve message description from fields indicate PSDMSGF in the Message file field and PSDETECT in the Library field, and press Enter.

  14. In the Edit Compare Data field indicate N, and press Enter.

  15. In the Action field indicate the type of alert you are wanting to send.

  16. In the Delay before action field indicate 0.

  17. In the Perform on system field indicate *LOCAL, and press Enter.


note
Subsystem ZPSD must be started, and the Alert Monitor and Action Monitor must be active. Depending on the type of action that has been indicated in the filter,  the Paging Monitor or E-mail Monitor may also need to be active.   

Additional Information

Formerly known as NETIQKB37987