CCSS Digs Deeper Into the Audit Journal to Yield Clues
October 5, 2010 Alex Woodie
IBM i shops that use the QMessage Monitor (QMM) tool from CCSS recently gained access to several new capabilities that will improve the way they monitor important processes, including high availability, BRMS-based backups, and security events. The new features stem from the product’s better understanding of events tracked in the IBM i audit journal.
Quicker resolution of a problem with IBM i high availability replication is one of the goals of a new feature CCSS built into QMM. The company says the product now has the capability to access more data from the audit journal than it previously could, and that this data can be crucial for a speedy resolution of the problem. What’s more, the company says that QMM can now access the important data about changed objects, even if some of it is stored in the IFS, which would ordinarily limit QMM’s insight into what happened.
Another new feature has to do with the detection of erroneous user passwords. When an incorrect password is entered, the audit journal will (sometimes) be able to log the IP address of the computer where the password was typed, CCSS says. Thanks to QMM’s deeper integration of the audit journal, the QMM product can now display the IP address (if it’s available), which will help the administrators determine if the incorrect password was a legitimate user error, or evidence of an outside attack against the system.
CCSS product manager Paul Ratchford says these two enhancements “bring a new level of immediate information” to users. In many cases, “a multi-step process of investigation or elimination can be dispensed with. All the information they need is at hand.”
Two other new features were also unveiled by the U.K.-based IBM i systems management specialist. A new interface for BRMS will make information from IBM i’s built-in backup and recovery utility readily available to QMM, including message escalation procedures. QMM will also be able to view any relevant information from BRMS, including message queues, IDs, dates, and jobs. Previously, CCSS supported BRMS with QSystem Monitor, its flagship systems management offering.
Lastly, QMM gains more flexibility in the configuration of automatically generated e-mails. Prior to this release, users could only configure the header portion of an e-mail automatically generated by QMM in response to an event. Now, the body of the e-mails can also be used to communicate information.