D net,id=GI15126,e might give the IP unless you are using a security
server; be quick.
From the IP you might identify a pac.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of McKown, John
Sent: Thursday, August 07, 2008 12:22 PM
To: [email protected]
Subject: Re: Tracing from a Terminal/Netname

> -----Original Message-----
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of FRANSISCUS KAURRANY
> Sent: Thursday, August 07, 2008 12:07 PM
> To: [email protected]
> Subject: Tracing from a Terminal/Netname
> 
> Dear All,
> 
> We had a user trying to logon using somebody else's user-id, and he
> accidentally (or on purpose) entered a wrong password more than 3 times,
> which caused that id to actually be revoked by RACF.
> 
> Is there a way to trace that back to the computer name/IP? So we can
> know for sure who did that, or at least from whose terminal?
> 
> We looked at the syslog and saw something like this
> 
[snip] 
> 
> The terminal GI15126 is an IP pooled terminal, dynamic depending on the
> request. It stays on somebody's emulator until he/she closes it.
> 
> So if I want to know whose PC name/IP has terminal GI15126 open during
> this time, how?
> 
> Any help and suggestion is highly appreciated.
> 
> Thank you
> 
> Regards,
> 
> Frans

If you have the SMF type 119 records turned on, then you could try to
find the connect record for that LU name in the given time period. I.e.
start at the time the error occurred and go back in time until you find
the first connection record for that LU. One problem: if the IP address
is assigned via DHCP (as most are anymore), then the IP address may be
insufficient to track down the perp. Most DHCP servers don't bother to
log an IP address vs. MAC address association.

No, I don't have such a routine.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
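
The backward search described in the reply above (start at the time of the error and walk back to the first connection record for that LU), as an added example that is not part of the original thread. It assumes the SMF type 119 records have already been decoded into session start/end events; the tuple layout, timestamps, IP and MAC values and the DHCP lease log are all constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: (time, event, LU name, client IP) as they might look
# after decoding SMF type 119 records. The layout is hypothetical.
SESSIONS = [
    ("2008-08-07 08:02:11", "START", "GI15126", "10.1.4.23"),
    ("2008-08-07 09:40:05", "END",   "GI15126", "10.1.4.23"),
    ("2008-08-07 09:55:42", "START", "GI15127", "10.1.4.77"),
    ("2008-08-07 10:13:30", "START", "GI15126", "10.1.6.90"),
    ("2008-08-07 11:58:00", "END",   "GI15126", "10.1.6.90"),
]

# Constructed DHCP lease log: (lease start, lease end, IP, MAC).
# Only available if the DHCP server actually logs IP-to-MAC associations.
LEASES = [
    ("2008-08-07 07:50:00", "2008-08-07 09:50:00", "10.1.6.90", "00:11:22:33:44:55"),
    ("2008-08-07 10:00:00", "2008-08-07 18:00:00", "10.1.6.90", "66:77:88:99:aa:bb"),
]

def ts(text):
    return datetime.strptime(text, FMT)

def holder_of_lu(lu, event_time, sessions=SESSIONS):
    """Walk back from event_time to the nearest record for this LU.

    A pooled LU is reused, so only the latest record at or before the event
    counts: START means that client held the LU, END means it was free.
    """
    when = ts(event_time)
    for stamp, kind, name, ip in sorted(sessions, key=lambda r: ts(r[0]), reverse=True):
        if name != lu or ts(stamp) > when:
            continue
        if kind == "END":
            return None
        return {"lu": lu, "ip": ip, "connected": stamp}
    return None

def mac_for_ip(ip, at, leases=LEASES):
    """Map a DHCP-assigned IP to the MAC that leased it at that moment."""
    when = ts(at)
    for start, end, lease_ip, mac in leases:
        if lease_ip == ip and ts(start) <= when <= ts(end):
            return mac
    return None  # no lease logged: the IP alone cannot identify the machine
```
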
