How do I set up PSDETECT to alert on Privilege Manager actions? (NETIQKB71849)

  • 7771849
  • 23-Sep-2009
  • 03-Mar-2010

Environment

NetIQ Security Solutions for iSeries v8.0
NetIQ Security Solutions for iSeries v8.1
Privilege Manager

Situation

How do I set up PSDETECT to alert on Privilege Manager actions?

Resolution

To have PSDETECT alert on Privilege Manager actions, there are 4 pieces that need to be set up.

  • The Defaults in Privilege Manager need to be set up for alerting.
  • The Privilege Manager entitlement that you want to be alerted on should have the "Alert" option set to Y, assuming you want to alert on successful entitlement usage.
  • In PSDETECT, you should have an alert filter set up in the PSDAPI alert queue, and PSDAPI should not be held.
  • In PSDETECT, the PSDETECT monitors should be up and running.
  1. The Defaults in Privilege Manager need to be set up for alerting.
    From PSMENU, take options 5 and 10. On the "Work with PM Defaults" screen, change the "Alert Type"
    option to *PSDETECT. Press F8 to update the settings and press Enter. Press F3 to exit.
  2. The Privilege Manager entitlement that you want to be alerted on should have the "Alert" option set to Y.
    From PSMENU, take options 5 and 1. Either create a new entitlement using F6 and make sure that
    the "Alert Required?" option is set to Y, or edit an existing entitlement using option 2=Edit and set
    the "Alert Required?" option to Y. You do not have to follow this step if you want to report on NQPRVMGR failures (PRM0002).
  3. In PSDETECT, you should have an alert filter set up in the PSDAPI alert queue, and PSDAPI should not be held.
    From PSMENU, take options 3 and 3 and make sure the PSDAPI alert queue is currently not held.
    Take option 5 on the PSDAPI alert queue. On the "Work with Alert Filters" screen for PSDAPI, press F6
    to create a new Alert Filter.

    Give the filter an unused sequence number and an apt description, for example "Privilege Manager cmds", and
    press Enter. On the "Alert Filter Selection Criteria" screen, specify PRM0001 as the message id and the
    message file as PRMMSGF in library PSCOMMON. Press Enter, then enter N when prompted to specify Compare data.

    On the "Work with Actions" screen, press F4 on the actions, select an appropriate action using 1=Select (e.g. EMAIL)
    and press Enter. You will then have to populate the specific action details; for example, for an EMAIL action
    you have to use F4 to prompt and then select the EMAIL addresses already set up in PSDETECT. Press Enter to continue.
    Your alert filter is now set up.
  4. In PSDETECT, the PSDETECT monitors should be up and running.
    From PSMENU, take options 3 and 4 and make sure all monitors are up and running.
    If the monitors are not up, please use option 8=Start to start the monitors in question.


For Privilege Manager alerts on unauthorized use of NQPRVMGR, follow steps 1, 3 and 4, substituting PRM0002 for PRM0001 in step 3.

 

Additional Information

Formerly known as NETIQKB71849