DetectIT

October 2019

Version 14.4.9
Enhancements
  • Added reports to the Db2 Mirror activity report.

    For activity relating to Db2 Mirror replication services, QAUDJRN Entry type M7, the following reports are available:

    • MSC443L2 AUDIT - Db2 Mirror Replication Services
    • Plus MY* and MZ* consolidated versions to report by system name and chronologically, respectively

    Created additional DetectIT Message IDs to allow flexibility for the following Message Action processing alerts:

    • Event 'A' - MLT1995
    • Event 'D' - MLT1996
    • Event 'P' - MLT1997
    • Event 'R' - MLT1998
    • Event 'S' - MLT1999

    The following reports are available for activity relating to Db2 Mirror product services, QAUDJRN Entry type M8:

    • MSC443L3 AUDIT - Db2 Mirror Product Services
    • Plus MY* and MZ* consolidated versions to report by system name and chronologically, respectively

    Created additional DetectIT Message Ids have been created to allow flexibility for Message Action processing alerts:

    • Event 'A' - MLT2000
    • Event 'C' - MLT2001
    • Event 'F' - MLT2002
    • Event 'I' - MLT2003
    • Event 'R' - MLT2004
    • Event 'S' - MLT2005
    • Event 'T' - MLT2006
    • Event 'W' - MLT2007
  • Created a new version of the DetectIT User Profile Listing (MSP095). The new version prints the same details as before, but includes descriptions of User Profiles, Company Numbers, Menus, and Application Codes.

    This new version of this report is not fully integrated into the DetectIT Menu system.

  • Updated the DetectIT IBM i Release Level cross reference table to include details for IBM i 7.4. For a DetectIT Network, this allows the administrator to configure a system running IBM i 7.4 (V7R4M0).

    The cross reference table is available to print the DetectIT Menu structure by selecting option 7 then option 42. Alternatively, you can print directly from the ALERT profile (or any profile configured with the appropriate DetectIT MS application code level) using the following:

    • SECEXEC PGMNAM(MSP5331)
  • When maintaining the system audit journal codes to be collected with DetectIT, the administrator can now select the codes that are associated with *JOBBAS and *JOBCHGUSR. These values can be entered for the auditing System Values of QAUDLVL and QAUDLVL2. Both values are part of the *JOBDTA auditing value. IBM introduced *JOBBAS and *JOBCHGUSR to allow the administrator more flexibility to determine the type of job related activity to collect within the QAUDJRN system audit journal.

  • When using Work with QAUDJRN Data Collection, the administrator can switch the collection of the Db2 Mirror related audit events on or off as needed. In order to do so, *SYSMGT must exist within the QUADLVL or QAUDLVL2 System Values. The related Db2 Mirror activity is defined by the following QAUDJRN Entry types:

    • M0 - Db2 Mirror setup tools
    • M6 - Db2 Mirror communication services
    • M7 - Db2 Mirror replication services
    • M8 - Db2 Mirror product services
    • M9 - Db2 Mirror replication state
  • Added the following reports for activity relating to Db2 Mirror communication services, QAUDJRN Entry type M6:

    • MSC443L1 AUDIT - Db2 Mirror Communication Service
    • Plus MY* and MZ* consolidated versions to report by system name and chronologically, respectively.

    Added the following DetectIT Message Ids to allow flexibility for Message Action processing alerts:

    • Event 'A' - MLT1992
    • Event 'C' - MLT1993
    • Event 'R' - MLT1994
  • Added the following events within the Service Tools User ID and Attribute Changes Entry type, DS, to IBM i 7.4:

    • D - Delete service tools user ID using the DLTSSTUSR command.
    • H - Change service tools user ID using the CHGSSTUSR command.
    • R - Create service tools user ID using the CRTSSTUSR command.
    • S - Change service tools security attributes using the CHGSSTSECA command.

    All of the above events are available for reporting the following existing DetectIT reports:

    • MSC443C6 "AUDIT - DST Password reset".
    • Plus the corresponding MY* and MZ* prefixed consolidated versions of the reports.

    Added DetectIT Message Ids to provide the administrator with flexibility for Message Action processing alerts relating to each of these new events:

    • D - MLT1987
    • H - MLT1988
    • R - MLT1989
    • S - MLT1990
  • Added the following QAUDJRN Entry Types toIBM i 7.4. These new items relate to Db2 Mirror for IBM i.

    • M0 - Db2 Mirror Setup Tools
    • M6 - Db2 Mirror Communication Services
    • M7 - Db2 Mirror Replication Services
    • M8 - Db2 Mirror Product Services
    • M9 - Db2 Mirror Replication State

    In addition to the above, the QAUDJRN entries now include more data for activity related to Cluster Operations (Entry Type CU), Service Tools User ID, and Attribute Changes (DS). Consequently, the default lengths have increased. These updated values are available within the Work With Entry Type Overrides DetectIT auditing option. The Db2 Mirror auditing Entry Types are also included with the associated data lengths.

  • Added the following reports for activity relating to Db2 Mirror setup tools, QAUDJRN Entry type M0:

    • MSC443K9 AUDIT - Db2 Mirror Setup Tools
    • Plus MY* and MZ* consolidated versions to report by system name and chronologically, respectively.

    Added the following DetectIT Message Ids to allow flexibility for Message Action processing alerts:

    • Event 'A' - MLT1991
  • Added the following reports for activity relating to Db2 Mirror replication state, QAUDJRN Entry type M9

    • MSC443L4 AUDIT - Db2 Mirror Replication State
    • Plus MY* and MZ* consolidated versions to report by system name and chronologically, respectively

    Added the following DetectIT Message Ids to allow flexibility for Message Action processing alerts:

    • Event 'C' - MLT2008
  • Compliance Center for IBM i now provides the ability to construct and run queries over activity relating to Db2 Mirror for IBM i. This includes activity that generates the following QAUDJRN Entry Types:

    • M0 - Db2 Mirror Setup Tools
    • M6 - Db2 Mirror Communication Services
    • M7 - Db2 Mirror Replication Services
    • M8 - Db2 Mirror Product Services
    • M9 -Db2 Mirror Replication State
Other Fixes
  • Created the CHKPRFPRM command to prevent the following error message: "Text not available for message MLT0804 file QCPFMSG". This error previously occurred if the SUPGRPPRF value was not correct within the DetectIT Profile Maintenance located in Different Parameters/Different Systems.

  • The Network Traffic Controller Log Pre-Filtering logic ensures that the Global level filtering works successfully. Previously, the specific Application level Pre-Filtering worked but not at the Global level.

  • When using DetectIT Profile Maintenance, the Special Authority values associated with the User Profile attempting to perform the maintenance are verified to determine if that profile has the required authority values to complete the activity.

    For example, for User Profiles attempting to maintain any profile, All Special Authority values associated with the specific User Profile, its main Group Profile, and any Supplemental Group Profiles are used during DetectIT Profile Maintenance.

  • When retrieving the QHST log data, the program name within the DetectIT logs is populated with the correct value.

  • The MCH0603 received by MSC940B1 error message is no longer displayed when running the Print SQL requests report, MSP634.

  • When using the DetectIT DSPPRF command to output DetectIT Profile parameter details to an output file, the correct value for Activate in Software is now displayed in the DPACTD field. For profiles that are configured with Activate in Software set to P, the DPACTD field is now set to P for Partial activation of DetectIT menu processing only. The value within the DPACTD field should now match that as displayed within the DetectIT Profile Inquiry Details.

  • Updated the Help Text Panel Group for Set Up Auditing Details to provide information about *PTFOBJ and *PTFOPR. These values can be included in QAUDLVL and QAUDLVL2 System Values for auditing IBM related PTF activity.

May 2017

Version 14.4.8

User Profile Manager

  • General Enhancements
    • The password is no longer retrieved using Work With Export Profiles. Instead, the password is shown as “*SAME”.
  • Process Global Profile Parameter Templates by Group Profile. Global Profile Parameter Templates may now be maintained and processed using a Group Profile name. The administrator is able to maintain templates for the following ‘Profile Types’:
    • Specific Profile Name
     
    • Main Group
    as used on GRPPRF parameter
    • Supplemental Group
    as used on SUPGRPPRF parameter
  • Template Related Messages Sent to Logs. Messages are sent to DetectIT logs relating to the Profile Parameter Template processing:
    • ALC3243
    Parameter Template &2 type &3 used for profile &1
    Identifies the template name and associated (Profile) type
    • ALC3244
      type &4
    System &1 parameters updated for profile &2. Template &3
    Indicates which system record has been processed
    • ALT2310
    No suitable Profile Parameter Template found for profile &1

    For Message Id’s ALC3243 and ALC3244 a ‘Profile Type’ is included, by default to help identify the type of template used:

    • PROFILE
    Specific profile name
    • GROUP_MAIN
    Main Group Profile (i.e. based on CRTUSRPRF, GRPPRF parameter)
    • GROUP_SUPP
    Supplemental Group (i.e. based on CRTUSRPRF, SUPGRPPRF parameter)

Multiple Systems Administrator

  • Inactive Profiles Remain Enabled on HA/DR System. When a password is changed/updated within the network, the ‘Last used date’ of the IBM i profile on each remote system, is set to the current date. This prevents DetectIT from disabling the profile on a HA/DR system.
  • General Enhancements:
    • References to Older IBM Terminology Replaced. References to ‘AS/400’ and ‘OS/400’ have been replaced with ‘IBM i’ for some reports and interactive screens. The references that have been replaced were identified when reviewing the software as an end-user.
      • Message File, ALTMSGF01
        • Replaced ‘AS/400’ and ‘OS/400’ with ‘IBM i’
        • Replaced ‘PCM’ with ‘RCM’ (Message Id MLT0866)
      • DetectIT Message Id, ALT2301
        • Replaced ‘AS/400’ with ‘IBM i’
      NOTE: For a DetectIT upgrade, with ‘Transfer Data’ set to ‘Y’, the change to the DetectIT Message Id, ALT2301 is made to the stored version of the message text, not the user editable version.
  • Progress Messages for Background Jobs. Progress messages have been introduced for some background jobs. This allows operations and/or the administrator to confirm the status of specific jobs. Separate DetectIT Message Ids have been created to assist with the review:
    • ALC3245
    Start of Daily Reporting - &5. Job &4/&3/&2
    • ALC3246
    End of Daily Reporting - &5. Job &4/&3/&2
    • ALC3247
    Start of Data Collection - &5. Job &4/&3/&2
    • ALC3248
    End of Data Collection - &5. Job &4/&3/&2
    • LC3249
    A Start of Reporting - &5. Job &4/&3/&2
    • ALC3250
    End of Reporting - &5. Job &4/&3/&2
    • ALC3251
    Start of House Keeping - &5. Job &4/&3/&2
    • ALC3252
    End of House Keeping - &5. Job &4/&3/&2
    • ALC3253
    Start of Frequency Update - &5. Job &4/&3/&2
    • ALC3254
    End of Frequency Update - &5. Job &4/&3/&2
  • In-Line Processing for @MS File Reorganize. The menu option processing to reorganize physical files in @MS has been changed to prevent potential issues with file locks.
    Jobs are still submitted for each file with deleted records. However, instead of submitting 3 main jobs, all the required routines are run ‘in line’ within a single program. Previously, after the reorganize jobs had been submitted, the menu option processing would start both DetectIT subsystems. This could cause issues with file locks.
  • Documentation Updated for Version 14.4.8. All the shipped DetectIT documentation has been reviewed and updated to be compatible with version 14.4.8. This includes replacing the older IBM terminology such as AS/400, OS/400 etc., where applicable, with the current term(s).

Powerful User Passport

  • General Enhancements:
    • Message Action Item Visa Name Now Mixed Case: The Visa Name may now be entered in mixed (upper and lower) case within Message Action Item.

Bugs Fixed

  • Message Monitor indicates Action Item if message control is the only change from default values. Within the Message Monitor, a message would be shown as having an ‘Action Item’ even when ‘Message Control’ was the only value that was different from the defaults. ‘Message Control’ on its own does not determine a Message Action Item.
  • CPF3770 received by MSC326B at *N. The DSTALRTOBJ command processing program was not monitoring for CPF3770 when attempting to distribute an object that does not exist within the @MS library.
  • MSP77000 'DLTUSRPRF Values for Auto Deletion' does not delete all selected entries. When selecting Option 4 = Delete, the incorrect ‘Level’ value could be passed to the deletion API. This resulted in the API attempting to delete a non-existent entry.
  • Create new profile using Base On results in Error Message when QPWDLVL set to 3. When using the ‘Base On’ feature, the password for the new profile is cleared. With the way the password was processed, the password validation API was receiving a blank password instead of the user profile name.
  • Excessive amount of ALC2401 gets written into MSF192* files for file monitor open/close. A previous change to the file monitor data collection caused the File Open Message Id, ALC2401 to be written for every transaction that had at least one field change. It needed to be written when a change of file name was encountered.
  • Issue with updating timestamp for ALERTF2 job when using file monitor setup with user’s own journal. If the DetectIT default journal ALERTFILES, did not exist, the File Monitor data collection starting timestamp was not being updated.
  • Message about Backup DHM when attempt to delete system that is not the backup. Incorrect message displayed when attempt to delete a system that was not the Backup DHM.
  • ALERTF1 - CPF4128 Not able to allocate objects needed. The ALERTF1 could sit on MSGW due to Message Id CPF4128. This situation would occur if the Daily Reporting job ended before the submitted Reorganize Physical File job had completed.

September 2016

Version 14.4.7

Network Traffic Controller module

  • After adding a file into the File Monitor for read activity only, transactions are now available. Previously, no transactions could be located.
  • A previous change within 14.4.6 for SQL/ODBC data processing caused an MCH0601 error when using MS Excel/MS Access. This has been corrected with version 14.4.7.

Security Audit and Detection module

  • Transactions are now available after adding a file into the File Monitor for read activity only. Previously, no transactions could be located.
  • Text for Message Id MLT1055, relating to ‘Server security user information actions,’ ‘SO’ Entry Types have been updated to include the text “Entry type &19 for user &20.” This allows the actual activity to be viewed on the summary message.
    • The complete summary text now reads: “Server security user information actions. Entry type &19 for user &20.”
  • The word ‘available’ has been removed from Message Id MLT1853. This allows the full available length to be displayed as part of the error message. The message is shown within “Override Entry Type Data Storage Length” when the entered length is longer than that available.

Application System/Object Control module

  • Transactions are now available after adding file into the File Monitor for read activity only. Previously, no transactions could be located.
  • A previous change within 14.4.6 for SQL/ODBC data processing caused an MCH0601 error when using MS Excel/MS Access. This has been corrected with version 14.4.7.

Client/Server and Internet Control module

  • A previous change within 14.4.6 for SQL/ODBC data processing caused an MCH0601 error when using MS Excel/MS Access. This has been corrected with version 14.4.7.

Risk and Compliance Monitor module

  • The API to calculate the number of days between dates has been updated to allow for more than one leap year. Previously, the logic within the API assumed there would be only one leap year.

Powerful User Passport module

  • Correct maximum jobs calculation: The calculation for maximum number of jobs in which a user may have active profile swaps has been corrected.
  • Text for Message Id MLT1055 relating to ‘Server security user information actions,' ‘SO’ Entry Types has been updated to include the text “Entry type &19 for user &20.” This allows the actual activity to be viewed on the summary message.
    • The complete summary text now reads: “Server security user information actions. Entry type &19 for user &20.”
  • The word ‘available’ has been removed from Message Id MLT1853. This allows the full available length to be displayed as part of the error message. The message is shown within “Override Entry Type Data Storage Length” when the entered length is longer than that available.

General Enhancements

  • References to ‘AS/400’ and ‘OS/400’ have been replaced with ‘IBM i’ for some reports and interactive screens. The references that have been replaced were identified when reviewing the software as an end-user.

Bug Fixes

  • The routine used to calculate the number of days between two dates no longer assumes a single leap year.
  • Read events are now available to be reported when attempting to report read requests only.
  • The calculation no longer generates an incorrect result when attempting to limit the number of active swaps within a specific session.
  • Requests from MS Excel and/or MS Access no longer cause the Network Traffic Controller checking routine to fail with MCH0601 error.
  • In a Graphical module, an error has been resolved when adding a user in user administration when MSA (Multiple Systems Administrator) is not licensed and auto distribution has been turned on.