Hello Paul, this message would probably not help very much. People quite often restore files from one machine to a different one. This is possible if you know nodename and password and can be done without access as administrator. What I would like to get is a clear indication that someone accessed data using an administrator id. Best regards Gerhard
--- Gerhard Rentschler email:[EMAIL PROTECTED] Regional Computing Center tel. ++49/711/685 5806 University of Stuttgart fax: ++49/711/682357 Allmandring 30a D 70550 Stuttgart Germany > -----Original Message----- > From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] Behalf Of > Baines, Paul > Sent: Friday, March 28, 2003 12:28 PM > To: [EMAIL PROTECTED] > Subject: Re: Client login with admin id and password > > > I just noticed this information message in TSM server 5.1.6.1: ANR1639I. > This seems to be an indication that a nodes IP address has > changed. Look at > the last three fields in a q node xxxx f=d. This message could > then be sent > to your monitoring software or you could run a daily script against the > actlog table to search for it, then you have a list of any client > connections that could be possible security breaches. I haven't > tested this, > just noticed it this second, but it looks like a nice feature. >
