CCSS Addresses SOX Requirements in QMessage Monitor
April 24, 2007 Alex Woodie
There’s a lot of stuff sitting in your logs that auditors would like to know about. But sometimes it can be a pain to get to them, and even more of a pain to store them. i5/OS systems management tool developer CCSS is addressing this market need with a new release of QMessage Monitor that facilitates easy archiving, removal and printing of the message history. The new release also provides better monitoring of FTP activity, among other features.
QMessage Monitor is a message management solution for single- and multi-site OS/400 and i5/OS implementations. The software constantly watches a variety of i5/OS message logs, and journals (CCSS claims it watches “all messages”) so operators don’t have to. A range of filtering options ensure that the most critical messages are brought to somebody’s attention, via the Windows-based console or through paging and alerts, while escalation procedures ensure a response to critical messages.
The latest release of QMessage Monitor, version 6.064, focuses on the “message history” component of the tool with three new commands dealing with archiving, message removal, and printing.
The first new command, MMARCLOG, splits the message history into members that can be easily accessed for the purpose of archiving to tape or running queries. This command works without taking QMessage Monitor offline, ensuring availability of the critical system journal.
CCSS says the MMARCLOG command is especially useful when i5/OS shops need to isolate particular messages and manage them according to pre-defined rules, such as those established for Sarbanes-Oxley compliance. By offloading critical journal messages to tape, it enables IT staff to delete the message from the system, thereby reducing hard disk requirements and saving money.
Administrators can also free up disk space using the second new command, MMARCRMV. This command deletes previously defined members within the history log, and can act as a sort of “mini purge” to provide valuable disk space. The members can be added back to the file for analysis later, if required, CCSS says.
The third and final new command, MMLOGINQ, creates a hard copy print out of the results, enabling administrators to document compliance with or an infraction of the security policy.
This release also brings QMessage Monitor the capability to scrutinize outbound FTP requests originating on System i machines. The product performs outbound FTP monitoring in real time, and is tied in to QMessage Monitor’s escalation procedures, ensuring that administrators are quickly notified of the FTP activity. A full audit trail is also kept of the FTP activities.
The final new enhancement is centered on the message rules and escalation procedures. With this release, users who have categorized their iSeries and System i machines into sub-categories (such as by geography) can now set up QMessage Monitor’s “auto replies” messaging rules based on those groupings. CCSS says this feature will save users time by creating a single record for the group rather than separate auto-replies for each system.
QMessage Monitor version 6.064 is available now. The product is priced by the CPW rating of the server it runs on, with no additional fees for multiple LPARs. Pricing ranges from $3,000 to $40,000. For more information, see www.ccssltd.com.