check

Purpose

The check command searches the FTM SWIFT database tables for suspicious changes and reports any findings.
Required access rights: The user must be a data integrity validator or a data integrity operator, as described in Table 1.
Predefined roles that provide required access rights: None

Format

dnpdic -check -Djava.security.policy=<policy_file> -passphrase phrase -table table_name -rowid rowid -dsn data_source_name -schema schema -uid user_id -pw password Event options -report -force
Event options
-instance instance -qmgr qmgr MQ client
MQ client
-host host -channel channel -port number (default: 1414) -ciphersuite name -truststore filename -fips
To display command help:
dnpdic -help -check (or: dnpdic -h -check)
Notes:
  • FTM SWIFT events are not written unless the instance's remote event service DNI_R_EVENT is running.
  • You must specify parameters -host, -channel, and -port only if you want the data integrity checker utility to connect to the queue manager specified by parameter -qmgr in client mode. If you omit these parameters, the data integrity checker utility connects in bindings mode.
  • You must specify parameters -ciphersuite, -truststore, and -fips only if you want to use SSL/TLS.

Parameters

-Djava.security.policy=policy_file
policy_file is the policy file that was provided for the runtime system. You can omit this parameter if your system administrator has added the required policies to the JVM default security properties file. For more information, see Java Policy files.
-passphrase phrase
The passphrase that the data integrity administrator specified when issuing the vault utility command create as described in activation of the data integrity framework, step 2.a.
Notes:
  • If you omit this parameter, the data integrity checker utility prompts for the passphrase.
  • Instead of specifying the phrase itself, you can also provide a stash file as described in Stash File Utility, for example:
    -passphrase @/var/ftm/swift/v324/run/passphrase.stash
-table table_name
Use this parameter if you want to verify a specific database table only.
-rowid rowid
Use this parameter if you want to verify a specific row of a database table only.
-dsn data_source_name
Specifies information about the connection to Db2®. Use one of the following notations:
  • Db2_database_name
  • //server:port/Db2_database_name
where:
Db2_database_name
The Db2 database name (for example, DNIDB)
server
The hostname or IP address of the Db2 server (for example, localhost)
port
The port of the Db2 server (for example, 50000)

If you do not specify this parameter, the first notation is used with the value of the environment variable DNI_DSN as Db2 database name.

-schema schema
The schema name of the tables in the FTM SWIFT runtime database. By default, the value of the environment variable DNI_SN is used.
-uid user_id
The user ID to be used when connecting to the FTM SWIFT runtime database. By default, this is the ID of the user who executes the command.
-pw password
The password of the user ID specified by the -uid parameter.
Notes:
  • If you omit this parameter, the data integrity checker utility prompts for the password.
  • Instead of specifying the password itself, you can also provide a stash file as described in Stash File Utility, for example:
    -pw @/var/ftm/swift/v324/run/db2.stash
-instance (or -in or -i) instance
The name of the FTM SWIFT instance used to write events. By default, the value of the environment variable DNI_I is used.
-qmgr qmgr
The name of the queue manager that is associated with the specified FTM SWIFT instance. By default, the value of the environment variable DNI_QM_instance is used.
-host host
The host name of the IBM MQ server on which the queue manager runs. Specify this parameter if you want the data integrity checker utility to connect to the queue manager in client mode instead of bindings mode.
-channel channel
The channel to be used to connect to the queue manager. Specify this parameter if you want the data integrity checker utility to connect in client mode instead of bindings mode.
-port number
The port number of the IBM MQ server on which the queue manager runs. Specify this parameter if you want the data integrity checker utility to connect in client mode instead of bindings mode. The default is 1414.
-ciphersuite name
The name of the SSL cipher suite to be used in client connections to the IBM MQ server on which the queue manager runs. Use the name of the SSL cipher suite that matches the SSL definition for the channel name used. Refer to the IBM MQ documentation, SSL CipherSpecs and CipherSuites in MQ classes for Java, for more information on cipher suite naming.
-truststore filename
The file name of a trust store which contains the certificate information of the IBM MQ queue manager. Refer to the IBM MQ documentation, Configuring SSL security for MQ, for details on how to set up SSL/TLS connections and certificate information.
-fips
Use this parameter to enable Federal Information Processing Standards (FIPS) conforming SSL/TLS operations.
-report
The report option can be used to display component specific details if potentially manipulated entries are detected. The report includes detailed information for potentially manipulated entries of the following tables:
  • DNF_OAMS
  • DNF_IAMS
The details include a reference labeled DisposeReference that can be used to remove the entry using the dispose command if necessary.
-force
Use the -force option to start the check command even if a concurrent DIC command has been detected (DNPD1265E). Before using the -force option, ensure that there is no data integrity checker operation still running.
-help or -h
Show the help text that describes the parameters.
Note: The parameter -keystore is deprecated. For compatibility reasons you can still specify it, but it is ignored during processing. The check command now uses the vault that was specified by the data integrity administrator when issuing the init command.

Return codes

The check command terminates with one of the following return codes:
Value Explanation
0 Command completed successfully. This implies that no manipulated or missing data was detected.
2 Processing was successful, but possibly manipulated or missing data was detected. For more information, see the FTM SWIFT event log.
4 No processing was done because an invalid parameter was specified.
8 An error condition occurred, for example the vault file could not be read. Check the console output and log files (for example: /var/ftm/swift/v324/run/trace/dic/*.trc) for additional information.
12 Processing terminated due to a fatal error. Check the console output and log files (for example: /var/ftm/swift/v324/run/trace/dic/*.trc) for additional information.
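A scheduled check has to keep return code 2 (findings) apart from 4, 8 and 12, where the check itself did not complete and integrity remains unverified. The wrapper below is an added example, not part of the product documentation; it uses the stash-file notation described for -passphrase and -pw so that no secret appears on the command line. DNPDIC, RUN_DIR, dic_severity, run_dic_check and the severity labels are names introduced for this example.

```shell
# Added example: wrapper for a scheduled "dnpdic -check" run.
# DNPDIC, RUN_DIR, the function names and the severity labels are assumptions
# of this example; the paths are the sample paths used on this page.
DNPDIC="${DNPDIC:-dnpdic}"
RUN_DIR="${RUN_DIR:-/var/ftm/swift/v324/run}"

# Map a check return code (see the table above) to a severity label.
dic_severity() {
    case "$1" in
        0)  echo "OK" ;;        # no manipulated or missing data detected
        2)  echo "FINDING" ;;   # possibly manipulated or missing data
        4)  echo "USAGE" ;;     # invalid parameter, nothing was checked
        8)  echo "ERROR" ;;     # for example, the vault file could not be read
        12) echo "FATAL" ;;     # processing terminated
        *)  echo "UNKNOWN" ;;   # not a documented return code
    esac
}

# Run the check for database user $1 with stash files and print one status line.
# Returns 0 only when the check ran and found nothing, 2 on findings,
# and 1 when the check did not complete.
run_dic_check() {
    uid="$1"
    rc=0
    "$DNPDIC" -check -report \
        -Djava.security.policy="$RUN_DIR/ftmswift.policy" \
        -passphrase "@$RUN_DIR/passphrase.stash" \
        -uid "$uid" -pw "@$RUN_DIR/db2.stash" || rc=$?
    sev=$(dic_severity "$rc")
    echo "dnpdic -check rc=$rc severity=$sev"
    case "$sev" in
        OK)      return 0 ;;
        FINDING) return 2 ;;   # alert: review the event log and the report
        *)       return 1 ;;   # check did not complete; integrity is unverified
    esac
}
# Usage: run_dic_check diane
```

The instance and queue manager are taken from the environment variables DNI_I and DNI_QM_instance here, as described for -instance and -qmgr.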

Examples

The following command (issued on a single line) checks the integrity of all FTM SWIFT database tables identified by environment variables DNI_DSN (data source name) and DNI_SN (schema name). It prompts for the vault's passphrase, uses Diane's credentials to connect to the database, and writes events for instance INST1 on the local host by connecting to queue manager QM3 in client mode using port 1421 and connection channel SYSTEM.DEF.SVRCONN:
dnpdic -check -Djava.security.policy=/var/ftm/swift/v324/run/ftmswift.policy 
       -uid diane -pw dianes_password -i INST1 -qmgr QM3
       -host localhost -channel SYSTEM.DEF.SVRCONN -port 1421
The following command uses the -report option to display additional details for records that fail the integrity check:
dnpdic -check -report -Djava.security.policy=/var/ftm/swift/v324/run/ftmswift.policy 
       -uid paul -pw pauls_password -i INST1 -qmgr QM7
       -host 192.168.122.185 -channel SYSTEM.DEF.SVRCONN -port 2421
The output generated by the data integrity checker utility contains sections as follows:
 ...
DETAILS FOR RECORD FAILING DATA INTEGRITY CHECK
------------------------------------------------------------------
 DisposeReference: FINRECEIVE#2
------------------------------------------------------------------
 Type...........: FMT message (Incoming)
 OU.............: OU1
 MsgType........: 999
 Sender.........: PTSADEJJCXXX
 Receiver.......: PTSADEJJCXXX
 Reference (20).: test
 Session........: 0000
 Sequence number: 000002

MQ INFORMATION
------------------------------------------------------------------
 ID.............: 414d5120514236202020202020202020547f45ab26554d04

PAYLOAD
------------------------------------------------------------------
{1:F01PTSADEJJCXXX0000000000}{2:O9991211180925PTSADEJJCXXX00000000001809251211N}{4:
:20:test
:79:test
-}{5:{CHK:000000000000}}
...
The value marked with the label DisposeReference (here FINRECEIVE#2) can be used as value for the reference parameter in the dispose command.
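For triage it helps to reduce the report to one line per record, keyed by the DisposeReference. The script below is an added example, not part of the product documentation; the function names and the "|" output format are assumptions. It stops reading fields at each PAYLOAD heading, because the payload is message content and can contain text that looks like a report field.

```shell
# Added example: one summary line per record in "dnpdic -check -report" output.
# Function names and the "|" output format are assumptions of this example.
dic_report_records() {
    awk '
    function flush() {
        if (ref != "")
            print ref "|" f["Type"] "|" f["Sender"] "|" f["Receiver"] "|" f["ID"]
        ref = ""
        split("", f)                     # clear the per-record fields
    }
    BEGIN { skip = 1 }                   # ignore everything before the first record
    /^DETAILS FOR RECORD FAILING/ { flush(); skip = 0; next }
    /^PAYLOAD/ { skip = 1; next }        # message content follows: never parse it
    skip { next }
    {
        pos = index($0, ": ")
        if (pos == 0) next
        label = substr($0, 1, pos - 1)
        value = substr($0, pos + 2)
        gsub(/^[ \t]+|\.+$/, "", label)  # " Sender........." becomes "Sender"
        if (label == "DisposeReference") ref = value
        else f[label] = value
    }
    END { flush() }'
}

# Constructed sample: the record shown above (shortened) and an invented second
# record; the first payload contains a line that imitates a report field.
sample_report() {
    cat <<'EOF'
DETAILS FOR RECORD FAILING DATA INTEGRITY CHECK
 DisposeReference: FINRECEIVE#2
 Type...........: FMT message (Incoming)
 Sender.........: PTSADEJJCXXX
 Receiver.......: PTSADEJJCXXX
MQ INFORMATION
 ID.............: 414d5120514236202020202020202020547f45ab26554d04
PAYLOAD
:79: DisposeReference: NOT-A-REFERENCE
DETAILS FOR RECORD FAILING DATA INTEGRITY CHECK
 DisposeReference: FINRECEIVE#5
 Type...........: FMT message (Incoming)
 Sender.........: PTSADEJJCXXX
 Receiver.......: PTSADEJJCXXX
MQ INFORMATION
 ID.............: 00000000000000000000000000000000000000000000beef
EOF
}
sample_report | dic_report_records
```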