Here's a connection without a security server, likely the terminal name will be reassigned before dhcp is an issue.
ENTER VTAM COMMAND d net,id=TC4P0007,e IST097I DISPLAY ACCEPTED IST075I NAME = UMBINET.TC4P0007 , TYPE = DYNAMIC APPL IST486I STATUS= ACT/S , DESIRED STATE= ACTIV IST1447I REGISTRATION TYPE = CDSERVR IST1629I MODSRCH = NEVER IST977I MDLTAB=***NA*** ASLTAB=***NA*** IST861I MODETAB=ISTINCLM USSTAB=***NA*** LOGTAB=***NA*** IST934I DLOGMOD=D4C32XX3 USS LANGTAB=***NA*** IST1632I VPACING = 7 IST1938I APPC = NO IST597I CAPABILITY-PLU ENABLED ,SLU ENABLED ,SESSION LIMIT 00000001 IST231I APPL MAJOR NODE = AKCTCP40 IST1425I DEFINED USING MODEL TC4????? IST654I I/O TRACE = OFF, BUFFER TRACE = OFF IST1500I STATE TRACE = OFF IST271I JOBNAME = TN3270D , STEPNAME = TN3270D , DSPNAME = IST25275 IST1050I MAXIMUM COMPRESSION LEVEL - INPUT = 0 , OUTPUT = 0 IST1633I ASRCVLM = 1000000 IST1634I DATA SPACE USAGE: CURRENT = 0 MAXIMUM = 0 IST1669I IPADDR..PORT 172.19.32.46..3987 *** 816.860.1149 desk 816.686.1536 cell Dear All, We had a user trying to logon using somebody's elses user-id, and he accidently (or on purpose) enter a wrong password for more than 3 times, that caused that id to actually revoked by RACF. Is there a way to trace that back to the computer names/IP? So we can know for sure who or at least from whose terminal that does that? We saw the syslog and sees something like this M 0080000 ESAT 08218 16:31:53.52 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 855 E 855 00000294 LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL GI15126 M 0080000 ESAT 08218 16:31:54.25 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 856 E 856 00000294 LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL GI15126 M 0080000 ESAT 08218 16:31:54.99 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 857 E 857 00000294 LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL GI15126 M 0080000 ESAT 08218 16:31:55.69 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 858 E 858 00000294 LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL GI15126 M 0080000 ESAT 08218 16:31:56.52 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 859 E 859 00000294 LOGON/JOB INITIATION - INVALID PASSWORD ENTERED AT TERMINAL GI15126 M 0080000 ESAT 08218 16:31:57.35 00000294 ICH408I USER(USERID1 ) GROUP(APLIDS1 ) NAME(USER ID ONE NAME ) 860 E 860 00000294 LOGON/JOB INITIATION - EXCESSIVE PASSWORDS OR INACTIVE USER The terminal GI15126 is IP POOLed Terminal, dynamic depending on the request. It stays on somebodys's emulator until he/she closes it. So if I want to know, during this time terminal GI15126 is being opened by whose PC's name/IP how? Any help and suggestion is highly appreciated. Thank you Regards, Frans ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ------------------------------------------------------------------------------ NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. Thank you. ============================================================================== ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
