IP enrichment exits

(SPE2504)
Use the following exits to provide IP enrichment for Telnet sessions, FTP sessions, and Performance Toolkit activity. 

Related topics

Installing

Installing RACF

Installing the Telnet exit

Telnet captures the IP addresses of Telnet connections made on the system on which the VM RACF agent is running. Use the following procedure to install the Telnet exit on your TCPMAINT system:

  1. Download the installation material to your workstation.

  2. Copy the following modules to TCPMAINT 0198 minidisk:

    • CZATN000 TEXT
    • CZAUME TEXT
    • CZATN000 CONFIG
    Example
    ----------------------------------------------------------------------
    link tcpmaint 198 198 mr <---------------------------------------ENTER
    Ready; t=0.01/0.01 12:25:48
    access 198 d  <---------------------------------------------ENTER
    Ready; t=0.01/0.01 12:25:58
    copyfile CZATN000 TEXT a == TEXT d <-----------------------------ENTER
    Ready; t=0.01/0.01 12:26:30
    copyfile CZAUME TEXT a == TEXT d <-------------------------------ENTER
    Ready; t=0.01/0.01 12:26:58
    copyfile CZATN000 CONFIG a == CONFIG d <-------------------------ENTER
    Ready; t=0.01/0.01 12:27:36
  3. Configure the CZATN000.CONFIG RECEIVER parameter with the VM user ID of machine where the VM RACF agent is running.
  4. Configure PROFILE.TCPIP on the TCPMAINT 198 minidisk:
    • Make sure that a Telnet port is enabled.

    • Add CZATN000 as a connect exit by using the following syntax:
      INTERNALCLIENTPARMS
       connectexit   CZATN000
      ENDINTERNALCLIENTPARMS

  5. Make sure that TCPIP.DATA is on both the 591 and 592 minidisks. If it is only on 592, you must copy it to 591.

  6. Restart TCPIP by running the following commands:
    /**/
    'CP DISC'
    'CP SLEEP 1 SEC'
    'CP FORCE TCPIP'
    'CP SLEEP 4 SEC'
    'CP XAUTOLOG TCPIP'
    EXIT

Installing the FTP exit

FTP captures audit processing details, general FTP commands, and the IP address and user ID performing the commands. Use the following procedure to install the FTP exit on your TCPMAINT system:

  1. Download the installation material to your workstation.

  2. Copy the following modules to TCPMAINT 198 minidisk:

    • FTPEXIT TEXT
    • CZAUME TEXT
    • FTPEXIT CONFIG
    Example
    ----------------------------------------------------------------
    link tcpmaint 198 198 mr <--------------------------------ENTER
    Ready; t=0.01/0.01 12:25:48
    access 198 d  <---------------------------------------------ENTER
    Ready; t=0.01/0.01 12:25:58
    copyfile FTPEXIT TEXT a == TEXT d <-----------------------------ENTER
    Ready; t=0.01/0.01 12:26:30
    copyfile CZAUME TEXT a == TEXT d <-------------------------------ENTER
    Ready; t=0.01/0.01 12:26:58
    copyfile FTPEXIT CONFIG a == CONFIG d <--------------------------ENTER
    Ready; t=0.01/0.01 12:27:36
Important

If you have an existing FTPEXIT.EXEC, you do not need to change the exit. FTPEXIT.TEXT will automatically call the existing exit.

  1. Configure the FTPEXIT.CONFIG RECEIVER parameter with the VM user ID of machine on which the VM RACF agent is running.
  2. Configure SRVRFTP CONFIG:
    • If it already exists, enable statements FTAUDIT, FTCHKCMD, and FTCHKDIR.
    • If it does not exist, copy the sample SRVRFTP SCONFIG from the TCPMAINT 591 minidisk to SRVRFTP CONFIG on TCPMAINT 198, and enable statements FTAUDIT, FTCHKCMD, and FTCHKDIR.
  3. Restart TCPIP either by logging off and logging on to TCPMAINT or by running the #cp i cms command from TCPMAINT.

Installing the Perfkit exit

Performance Toolkit (Perfkit) captures the data related to logging on and off of the web interface, including the IP address and the user ID of the users who are logging on and off. Use the following procedure to install the Perfkit exit on your PERFSVM system:

  1. Download the installation material to your workstation.

  2. Copy the following modules to PERFSVM 191 minidisk:

    • CZAEXIT TEXT
    • CZACSP MODULE
    • CZAUME TEXT
    • CZAEXIT CONFIG
    Example
    ----------------------------------------------------------------
    link perfsvm 191 191 mr <--------------------------------ENTER
    Ready; t=0.01/0.01 12:25:48
    access 191 d  <-------------------------------------------ENTER
    Ready; t=0.01/0.01 12:25:58
    copyfile CZAEXIT EXEC a == EXEC d <------------------------------ENTER
    Ready; t=0.01/0.01 12:26:30
    copyfile CZAUME TEXT a == TEXT d <-------------------------------ENTER
    Ready; t=0.01/0.01 12:26:58
    copyfile CZAEXIT CONFIG a == CONFIG d <--------------------------ENTER
    Ready; t=0.01/0.01 12:27:36
    copyfile CZASBP MODULE a == MODULE d <---------------------------ENTER
    Ready; t=0.01/0.01 12:28:18
  1. Configure CZAEXIT.CONFIG on the PERFSVM minidisk 191.
    • Configure the RECEIVER parameter with the VM user ID of machine where the VM RACF agent is running.
    • Set the Timer parameter for the time interval for reading the CONSOLE LOG. The allowed range is from 1 to 29 minutes. The default is 1 minute.
      • min_start—Time (in minutes, after midnight) to start reading
      • min_repeat—Time interval after which the log is read again
  2. Restart PERFSVM by running the i zcms 64-bit command from PERFSVM.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*