Problems flagged as urgent exception messages can include an Audit Journal message where the object has been changed.
CCSS has announced new enhancements to its message monitoring and escalation product, QMessage Monitor (QMM). New capabilities have been created to give QMM users additional access and insight when working with Audit Journal messages.
The monitoring and management of Journal Receivers, such as the Audit Journal, plays a critical role in most System i environments as rogue jobs or a sudden inactive status could have an immediate impact on the HA solutions that often rely on the optimal performance and availability of these system elements. Often the cost consequences of less than immediate resolution of these issues can lead to financial penalties, as dictated by SLA non-compliance instances or even the additional expense of relying on extra DASD resource until such issues are resolved so as not to hinder the audit compliance.
Problems flagged as exception messages that warrant immediate investigation could include an Audit Journal message where the object has been changed. These messages have a large amount of data that can be instrumental in resolving related issues. QMM users can now access this data for further analysis through a called user program and retrieve an additional 9999 characters using this method, even if the object being changed resided in the IFS (which ordinarily would be problematic in that the path for that object cannot be easily seen or retrieved as part of any investigation or analysis.) The ability to retrieve extended data speeds up the resolution time for operators and reduces the likelihood of relying on additional DASD where a lengthy investigation process is anticipated, saving operators the expense that this additional resource use would incur.
Users managing the Audit Journal messages with QMM will also benefit from new additional password failure information, adding a significant new level of assistance to any intrusion detection analysis. Certain audit journal password failure messages (category PW) have the ability to provide the IP address of the system where the attempt to connect was made from. The immediacy of this type of information could help to readily determine any instance of a genuine security breach or whether the password failure was the result of a benevolent mistake.
Paul Ratchford, product manager for CCSS says, "These two new enhancements both bring a new level of immediate information to users and in many cases will mean that a multi-step process of investigation or elimination can be dispensed with. All the information they need is at hand and this increases the efficiency and speed of problems solving for operators using QMessage Monitor."
In addition to the Audit Journal enhancements, a new interface can now be configured for users of IBM's strategic backup and recovery product, BRMS. A simple two-step implementation process by users forwards messages from the BRMS message log to a user-configurable message queue. This makes BRMS messages available for processing by QMessage Monitor with all the usual benefits this brings with it such as message escalation procedures based on calendar availability or shift patterns. This is especially useful to flag underlying issues which could threaten backup protocols or audit continuity. These BRMS messages will be shown in the QMM console display along with relevant message details such as the associated message queue, ID, date, Job and any Auto Reply.
Finally, QRemote Control, the remote systems management solution from CCSS now allows users to configure the body of the emails. Previously, users were able to only configure the header information of an email by changing the pager format. This new enhancement means that users have greater freedom to include additional relevant information and in turn, enrich the nature of the messages they send via email.
For more information, visit http://www.ccssltd.com/products/qmessage-monitor/features.php
LATEST COMMENTS
MC Press Online