Re: How turn on GSK trace for batch job that is controlled by PAGENT?

Mon, 09 Oct 2023 00:19:19 -0700 

For the command, see the IP admin commands book page 184 in old money or
online
<https://www.ibm.com/docs/en/zos/2.5.0?topic=command-modify-policy-agent>

f pagent,refresh

You can set up a pagent definition just for your batch FTPjob with its
trace configured

Ive used this for RSE

You can specify the port usage, and/or jobname

TTLSRule                      RSED
{
  LocalPortRange              6800
 Jobname                     RSE*
  Direction                   INBOUND
  TTLSGroupActionRef          RSEDGA
  TTLSEnvironmentActionRef    ZZEA


#  *old ... *TTLSConnectionActionRef     RSEDCA
*TTLSConnectionActionRef     TRACERSEDCA*


*}*
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
TTLSConnectionAction              *TRACERSEDCA*
{
  TTLSCipherParmsRef              TLS13TLS12
  TTLSSignatureParmsRef           ZZESigParms
  TTLSConnectionAdvancedParmsRef  RSEDCOonAdvParms
  CtraceClearText                 Off
  *Trace                           50 *
}
# no trace situation
TTLSConnectionAction              RSEDCA
{
  TTLSCipherParmsRef              TLS13TLS12
  TTLSSignatureParmsRef           ZZESigParms
  TTLSConnectionAdvancedParmsRef  RSEDCOonAdvParms
  CtraceClearText                 Off
  *Trace                           0 *
}

On Sun, 8 Oct 2023 at 22:29, Charles Mills <[email protected]> wrote:

> I am trying to get a GSK trace for a batch FTP job, where PAGENT AT-TLS
> controls the TLS connection.
>
> I follow the example here
> https://www.ibm.com/support/pages/how-do-you-collect-ssl-trace-using-batch-job
> but no trace data is produced. I am guessing that is because of PAGENT
> AT-TLS. (The example is from 2015.) Can anyone confirm or deny?
>
> So how DO I get a GSK trace of a job that uses PAGENT-controlled TLS?
>
> I see @Colin's discussion here
> https://colinpaice.blog/2022/05/31/trace-pagent-and-at-tls/ but for
> obvious reasons I would just as soon not (a.) take down PAGENT and restart
> it two or more times; and (b.) trace all PAGENT AT-TLS sessions, not just
> mine.
>
> Or should this work and I am just doing something stupid?
>
> Charles
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to