It is probably overkill for your situation but I am responsible for a commercial product that will send exactly that sort of event in real-time to your network security operations center. You could then fairly trivially configure the SOC software (such as HP ArcSight ESM) to generate a real-time alert -- such as a text message to your cellphone -- when the event occurred.
https://correlog.com/solutions-and-services/sas-correlog-mainframe.html

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Cifani, Domenic
Sent: Friday, June 13, 2014 2:37 PM
To: [email protected]
Subject: How to determine what USER is using a IP address

I'm working on an issue with Telnet on z/OS 1.13. I have a user somewhere connecting to the mainframe TCPIP IP using a bypass IP address. We are supposed to be using a SAG server to connect to the desktop server, however the mainframe is reachable by DNS IP which is for backup emergency purpose only. Does anyone know of a way I can trap when a Telnet session has been created on port 23 with a specific IP address?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
