I am looking at SMF 119 subtypes 94 and 95 and they appear to me to be darned near useless. Someone please tell me that I am missing something.
Sure, there are all the characteristics of the SSH security. But there is no IP address, no (useful) userid, and no session correlator of any kind. So you know that someone used SSH to do something using particular encryption. But you don't know who, where they connected from or to, or what they did. What is the value? Am I missing something? (Yes, I know about subtypes 96 - 98. I'm not talking about them. I'm asking the value of subtypes 94 and 95.) Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
