Troubleshooting

This topic provides information and workarounds for problems that you might encounter. If you cannot resolve a problem yourself, contact BMC Support.

Problem

Resolution

BMC AMI Defender fails to start.

The problem is probably caused by a JCL error in the cataloged procedure.

Check the syslog console or server log and SDSF for the error.

BMC AMI Defender fails with abend U4093 and reason code 90.

 

Check the CZAPRINT data set for errors. In the Messages Library, look for messages with identifiers that end in E, S or C (for example, CZA0207S).
Also see Customizing the z/OS communications server (TCP/IP) and OMVS.

BMC AMI Defender fails with message CZA0045C.

Check the CZAPRINT data set for errors.
In the Messages Library, look for messages with numbers that end in E, S or C (for example, CZA0207S).
Also see Authorizing the BMC AMI Defender load library in the "Configuring SMF and other IBM z/OS subsystems" topic.

BMC AMI Defender fails with message CZA0276C and reason code 4.

Check the CZAPRINT data set for errors.
In the Messages Library, look for messages with numbers that end in E, S or C (for example, CZA0207S).
Also see Configuring the CZAGENT procedure for Db2.

BMC AMI Defender runs but IBM Security Information and Event Management (SIEM) receives no messages.

Check message CZA0274I in CZAPRINT to ensure that BMC AMI Defender for Db2 is using the intended parameter file. If not, try to resolve any configuration issues.

BMC AMI Defender runs but SIEM receives message CZA0028E in CZAPRINT.

One of the following issues exists:

  • SIEM is not running.
  • SIEM is not configured to receive TCP/IP messages on the specified or default port.
  • SIEM is unreachable due to firewall or similar issues.

BMC AMI Defender runs, SIEM receives no messages, and the SERVER statement in the parameter file specifies TRANSport(Udp) or has no TRANSPort parameter.

The problem is probably caused by an incorrect IP address or port, or by a firewall that is blocking connectivity. If the IP address is incorrect or unreachable, no error appears on the LPAR.

BMC AMI Defender runs, SIEM receives no messages, the SERVER statement specifies TRANSport(TCP, SSL or TLS), and there are no CZA0028E messages in CZAPRINT.

Syslog messages are probably reaching some destination.

Ensure that:

  • You have specified the correct address for the SIEM console.
  • SIEM is not filtering or otherwise not displaying received messages.
  • If you are using BMC Defender SyslogDefender, the messages are being correctly forwarded.

SIEM receives some messages, but other expected messages are missing.

Stop BMC AMI Defender and look at the CZAPRINT listing.

Check whether message CZA0217W appears mentioning IEFU83-driven, IEFU84-driven, or IEFU85-driven. If so, it probably indicates that the specified exit is not enabled in SYS1.PARMLIB. Refer to EXIT parameters under Checking the Configuration of SMF.

Consider the effect of SELECT statements. See Configuring Your Required Events with SELECT.

SIEM receives some messages, but other expected messages are missing.

One of the following messages appears in CZAPRINT:

  • CZA0277W
  • CZA0278W
  • CZA0286W
  • CZA0287W

The specified SMF record types are not being produced. For more information, see TYPE parameters.

 

SIEM receives some messages, but other expected messages are missing.

In CZAPRINT, message CZA0217W appears referring to IEFU83-, IEFU84-, or IEFU85-driven.

The specified exit is probably not enabled in SYS1.PARMLIB. For more information, see EXIT parameters.

Also consider the effect of SELECT statements. For more information, see Customizing required events with SELECT.

BMC AMI Defender is sending too much data to the SIEM.

See SELECT and DESELECT statements and the EVENTs, IFCID or SUBTypes parameter of the various SMF statements in Parameter file statements.

To determine which events, IFCIDs, or subtypes are contributing to the problem, see the documentation for CZA0323I and related messages in CorreLog zDefender for z/OS Messages and Codes.

See Filtering in and filtering out events.

You receive unexpected timestamps (for example, GMT instead of the local time).

See Time settings.
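
Several resolutions above start with reading CZAPRINT for message identifiers that end in E, S or C. The following is an added example, not BMC code, that scans a saved copy of the listing for those identifiers and attaches the hints this page gives for the IDs it names; the ID pattern (CZA, four digits, one letter) is an assumption drawn from the IDs quoted here, and the sample message text is constructed.

```python
import re
from collections import defaultdict

# Assumption: IDs follow the shape of those quoted on this page (e.g. CZA0207S).
MSG_ID = re.compile(r"\b(CZA\d{4})([A-Z])\b")
FAILURE_SUFFIXES = {"E", "S", "C"}  # suffixes this page says to look for

# Hints restate this page's resolutions for the message IDs it names.
SMF_HINT = "specified SMF record types are not being produced; see TYPE parameters"
HINTS = {
    "CZA0028E": "SIEM not running, not listening on the port, or unreachable",
    "CZA0045C": "see Authorizing the BMC AMI Defender load library",
    "CZA0276C": "see Configuring the CZAGENT procedure for Db2",
    "CZA0217W": "exit probably not enabled in SYS1.PARMLIB; also review SELECT",
    "CZA0277W": SMF_HINT, "CZA0278W": SMF_HINT,
    "CZA0286W": SMF_HINT, "CZA0287W": SMF_HINT,
}

def triage(listing):
    """Map each E/S/C message ID, and each warning named on this page,
    to the listing line numbers where it appears."""
    hits = defaultdict(list)
    for lineno, line in enumerate(listing.splitlines(), 1):
        for m in MSG_ID.finditer(line):
            msg_id = m.group(1) + m.group(2)
            if m.group(2) in FAILURE_SUFFIXES or msg_id in HINTS:
                hits[msg_id].append(lineno)
    return dict(hits)

def report(listing):
    """One summary line per message ID, sorted by ID."""
    fallback = "look up in the Messages Library"
    return [f"{msg_id} lines {where}: {HINTS.get(msg_id, fallback)}"
            for msg_id, where in sorted(triage(listing).items())]

# Constructed sample: only the IDs come from this page, the text is invented.
SAMPLE = """\
CZA0274I parameter file in use (constructed text)
CZA0217W IEFU84-driven (constructed text)
CZA0028E connection problem (constructed text)
CZA0207S severe condition (constructed text)
CZA0028E connection problem (constructed text)
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

An empty result does not prove delivery: as noted above, with UDP transport an incorrect or unreachable address produces no error on the LPAR.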

Related topics

Restarting BMC AMI Defender for z/OS after an unrecoverable failure

Troubleshooting filtering events

CZ messages