How can I track who is putting the alert queues, monitors, and filters on hold in PSDetect? (NETIQKB40927)

  • Document ID:7740927
  • Creation Date:02-Feb-2007
  • Modified Date:03-Oct-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

goal

How can I track who is putting alert queues, monitors, and filters on hold in PSDetect? 



fact
NetIQ Security Solutions for iSeries 8.0

fact
VigilEnt Security Agent for PSAudit 7.5

fact
VigilEnt Security Agent for iSeries 7.5

fact
VigilEnt Security Agent for PSDetect 7.5

symptom
One of my Alert Queues was put on hold.

fix

To track who is putting the alert queues, monitors, and filters on hold you can change the object auditing parameter on files  PSM020P  (Alert Queues), PSC020P (Monitors),  PSM030P  (Filters) on the OS to *CHANGE. Then run the Object Access for Change report in PSAudit. Follow the steps below.

To begin tracking changes within the affected files, issue the following command on an OS Command line to set the object auditing parameter to *CHANGE: 

  1.  CHGOBJAUD OBJ(PSDETECT/PSM020P) OBJTYPE(*FILE) OBJAUD(*CHANGE)
  2.  CHGOBJAUD OBJ(PSDETECT/PSC020P) OBJTYPE(*FILE) OBJAUD(*CHANGE)
  3.  CHGOBJAUD OBJ(PSDETECT/PSM030P) OBJTYPE(*FILE) OBJAUD(*CHANGE)

To run the Object Access for Change report follow the steps below:

  1. From the NetiQ Product Access Menu, select Option 1 PSAudit, press Enter.
  2. Select Option 1 System Auditing and Reporting, press Enter.
  3. Select Option 5 Security Reports Menu, press Enter.
  4. Select Option 3 User and Object Reports Menu, press Enter.
  5. Select Option 7 Objects Accessed (Changed), press Enter.
  6. Press F9 to create a filter for field ZCOLIB where it equals PSDETECT.  This will report activities related to alert queues, monitors and filter changes in PSDetect.


Additional Information

Formerly known as NETIQKB40927