Jason Cai wrote:
> We just want to know how IBM zSecure could alter specific events based on
> certain RACF information that is captured by SMF in real time without
> dumping SYS1.MANX
>> What do you mean by 'alter'? What are you trying to solve?
>I am sorry I have a typing error. I will correct 'alter ' to 'alert'
>so we want to know how IBM zSecure could alert specific events based on
>certain RACF information that is captured by SMF in real time without dumping
>SYS1.MANX .
Ok. Thanks for the clarification. You need IBM Security zSecure Alert and you
also need to be licensed for that beside the other base zSecure parts.
zSecure Alert issues alerts for important events relevant to the security of
the system at the time they occur.
You can collect data on the location and identity of the intruder while the
trail is hot. You also know when a global security setting is changed to turn
off logging for certain events to SMF.
It captures SMF data before it is written to the SMF log and WTOs so that you
can, for example, be notified the instant the SMF log becomes full.
Notifications can be sent in the following forms:
As an e-mail
As a text message to your pager or cell phone through an e-mail-based relay
As a WTO, which can be used to trigger your automated operations package
As an SNMP trap, which can be picked up by, for example, IBM Tivoli
Security Operations Manager or your network console
To the UNIX syslog
Please talk with your local IBMer about this.
Trusting this will help you.
Groete / Greetings
Elardus Engelbrecht
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
