That should have been old school not cool, sorry Scott ford www.identityforge.com
Tell me and I'll forget; show me and I may remember; involve me and I'll understand. - Chinese Proverb On Sep 23, 2012, at 2:37 PM, Scott Ford <[email protected]> wrote: > John, > > I guess some places do not have a need or interest in RACF violations which I > don't understand, maybe I'm too old cool system programming > > Scott ford > www.identityforge.com > > Tell me and I'll forget; show me and I may remember; involve me and I'll > understand. - Chinese Proverb > > > On Sep 23, 2012, at 12:49 PM, John McKown <[email protected]> > wrote: > >> When we do the SMF processing, we use create the IRRADU00 output. We use >> Easytrieve Plus to read that to create report. We don't do much reporting. >> Nobody really cares anymore. I also download the data to my Linux desktop >> and compress it. I do ad-hoc reports from that. I also upload the >> compressed data back to a tape resident dataset, for backup. >> On Sep 23, 2012 11:41 AM, "Scott Ford" <[email protected]> wrote: >> >>> John, >>> >>> How do you track RACF violations and report on them ? >>> >>> Scott ford >>> www.identityforge.com >>> >>> Tell me and I'll forget; show me and I may remember; involve me and I'll >>> understand. - Chinese Proverb >>> >>> >>> On Sep 23, 2012, at 12:38 PM, John McKown <[email protected]> >>> wrote: >>> >>>> Took the easy way out. Superseded all ICH408I messages from SYSLOG which >>>> have USER( at the front of word two. I see no need for them. We use SMF >>>> records for reporting. >>>> On Sep 18, 2012 10:18 AM, "McKown, John" <[email protected]> >>>> wrote: >>>> >>>>> I have seen that. And other strange keying errors. PEBKAC. Now that you >>>>> mention it, I may use a CA-OPS/MVS rule to "blank out" portions of the >>>>> ICH408I messages. Say in the USER(...), GROUP(...) and NAME(...) >>> portions. >>>>> I don't use them anyway. I use the SMF records. >>>>> >>>>> -- >>>>> John McKown >>>>> Systems Engineer IV >>>>> IT >>>>> >>>>> Administrative Services Group >>>>> >>>>> HealthMarkets® >>>>> >>>>> 9151 Boulevard 26 • N. Richland Hills • TX 76010 >>>>> (817) 255-3225 phone • >>>>> [email protected] • www.HealthMarkets.com >>>>> >>>>> Confidentiality Notice: This e-mail message may contain confidential or >>>>> proprietary information. If you are not the intended recipient, please >>>>> contact the sender by reply e-mail and destroy all copies of the >>> original >>>>> message. HealthMarkets® is the brand name for products underwritten and >>>>> issued by the insurance subsidiaries of HealthMarkets, Inc. –The >>> Chesapeake >>>>> Life Insurance Company®, Mid-West National Life Insurance Company of >>>>> TennesseeSM and The MEGA Life and Health Insurance Company.SM >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: IBM Mainframe Discussion List [mailto:[email protected]] >>>>>> On Behalf Of Paul Gilmartin >>>>>> Sent: Tuesday, September 18, 2012 10:13 AM >>>>>> To: [email protected] >>>>>> Subject: Re: z/OS SYSLOG - why not let everybody read? >>>>>> >>>>>> On Tue, 18 Sep 2012 09:21:11 -0500, Elardus Engelbrecht wrote: >>>>>> >>>>>>> Ed Gould wrote: >>>>>>> >>>>>>>> 1. I have seen passwords on the syslog. >>>>>>> >>>>>>> Can you show any example(s) of such messages? Of course you can mask >>>>>> out the passwords before posting. ;-) >>>>>>> Was that by design [1] or by operator error? Was that a verbatim copy >>>>>> of some command? >>>>>> It's easy for a user to tab to the wrong field and inadvertently >>>>>> type a password in the user ID field. The user may correct the >>>>>> error and continue, not realizing that the password may now >>>>>> appear in SYSLOG. >>>>>> >>>>>> Mistake? Sure. Process violation? Sure. Security exposure >>>>>> nonetheless. >>>>>> >>>>>> -- gil >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>>>> send email to [email protected] with the message: INFO IBM-MAIN >>>>> >>>>> >>>>> ---------------------------------------------------------------------- >>>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>>> send email to [email protected] with the message: INFO IBM-MAIN >>>> >>>> ---------------------------------------------------------------------- >>>> For IBM-MAIN subscribe / signoff / archive access instructions, >>>> send email to [email protected] with the message: INFO IBM-MAIN >>> >>> ---------------------------------------------------------------------- >>> For IBM-MAIN subscribe / signoff / archive access instructions, >>> send email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
