Troubleshooting
This topic provides information and workarounds for problems that you might encounter. If you cannot resolve a problem yourself, contact BMC Support.
Problem | Resolution |
---|---|
BMC AMI Defender fails to start. | The problem is probably caused by a JCL error in the cataloged procedure. Check the syslog console or server log and SDSF for the error. |
BMC AMI Defender fails with abend U4093 and reason code 90. | Check the CZAPRINT data set for errors. In the Messages Library, look for messages with identifiers that end in E, S or C (for example, CZA0207S). |
BMC AMI Defender fails with message CZA0045C | Check the CZAPRINT data set for errors. |
BMC AMI Defender fails with message CZA0276C and reason code 4. | Check the CZAPRINT data set for errors. |
BMC AMI Defender runs but IBM Security Information and Event Management (SIEM) receives no messages. | Check message CZA0274I in CZAPRINT to ensure that BMC AMI Defender for Db2 is using the intended parameter file. If not, try to resolve any configuration issues. |
BMC AMI Defender runs but SIEM receives message CZA0028E in CZAPRINT. | One of the following issues exists: |
BMC AMI Defender runs, SIEM receives no messages, and the SERVER statement in the parameter file specifies TRANSport(Udp) or has no TRANSPort parameter. | The problem is probably caused by an incorrect IP address or port, or a firewall is blocking connectivity. If the IP address is incorrect or unreachable, no error appears on the LPAR. |
BMC AMI Defender runs, SIEM receives no messages, the SERVER statement specifies TRANSport(TCP, SSL or TLS), and there are no CZA0028E messages in CZAPRINT. | Syslog messages are probably reaching some destination. Ensure that: |
SIEM receives some messages, but other expected messages are missing. | Stop BMC AMI Defender and look at the CZAPRINT listing. Check whether message CZA0217W appears, mentioning IEFU83-driven, IEFU84-driven, or IEFU85-driven. If so, it probably indicates that the specified exit is not enabled in SYS1.PARMLIB. Refer to EXIT parameters under Checking the Configuration of SMF. Also consider the effect of SELECT statements. See Configuring Your Required Events with SELECT. |
SIEM receives some messages, but other expected messages are missing. One of the following messages appears in CZAPRINT: | The specified SMF record types are not being produced. For more information, see TYPE parameters. |
SIEM receives some messages, but other expected messages are missing. In CZAPRINT, message CZA0217W appears referring to IEFU83-, IEFU84-, or IEFU85-driven. | The specified exit is probably not enabled in SYS1.PARMLIB. For more information, see EXIT parameters. Also consider the effect of SELECT statements. For more information, see Customizing required events with SELECT. |
BMC AMI Defender is sending too much data to the SIEM. | See SELECT and DESELECT statements and the EVENTs, IFCID or SUBTypes parameter of the various SMF statements in Parameter file statements. To determine which events, IFCIDs, or subtypes are contributing to the problem, see the documentation for CZA0323I and related messages in CorreLog zDefender for z/OS Messages and Codes. |
You receive unexpected timestamps (for example, GMT instead of the local time) | See Time settings. |
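
Several rows above start from the CZAPRINT listing. The following triage pass over a saved copy of that listing is an added example, not BMC code: it lists messages whose identifiers end in E, S or C and flags the message IDs the table keys on. The identifier pattern, the `triage` function, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: each CZAPRINT message carries its identifier as a token of the
# form CZA + four digits + one type letter, like the IDs quoted in the table.
MSG_ID = re.compile(r"\b(CZA\d{4})([A-Z])\b")
EXIT_NAME = re.compile(r"IEFU8[345]")

# Rows of the table that key on a specific message ID.
TABLE_ROWS = {
    "CZA0274I": "confirm that the intended parameter file is in use",
    "CZA0028E": "see the CZA0028E row of the table",
    "CZA0217W": "the named exit is probably not enabled in SYS1.PARMLIB",
}

def triage(listing):
    """Return (errors, table_hits, exits) for the text of a CZAPRINT listing."""
    errors, hits, exits = [], [], set()
    for lineno, line in enumerate(listing.splitlines(), 1):
        m = MSG_ID.search(line)
        if not m:
            continue
        msg = m.group(1) + m.group(2)
        if m.group(2) in "ESC":  # identifiers ending in E, S or C
            errors.append((lineno, msg))
        if msg in TABLE_ROWS:
            hits.append((lineno, msg, TABLE_ROWS[msg]))
        if msg == "CZA0217W":  # record which SMF exit the warning names
            exits.update(EXIT_NAME.findall(line))
    return errors, hits, sorted(exits)

# Constructed sample lines; the message text is a placeholder, not product output.
SAMPLE = """\
CZA0274I (constructed text) parameter file in use
CZA0217W (constructed text) IEFU84 driven
CZA0028E (constructed text)
CZA0207S (constructed text)
a line with no message identifier
"""

if __name__ == "__main__":
    errors, hits, exits = triage(SAMPLE)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg} (look up in the Messages Library)")
    for lineno, msg, hint in hits:
        print(f"line {lineno}: {msg}: {hint}")
    if exits:
        print("exits named by CZA0217W:", ", ".join(exits))
```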