IBM Support

OA51849: GENERATED LEEF DATA HAS INVALID BINARY DATA FROM SOURCE SMF DATA

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The generated LEEF file contains binary data that is present in
    the source SMF data.  The data should be translated to
    printable characters.
    

Local fix

  • To circumvent this issue for SMPSCDS member related SMF data by
    coding the following in CKRPARM(CKQXES):
    
    exclude exists(member) dsn=:".SMPSCDS"
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 software to prepare data for QRadar SIEM.    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit QRadar SIEM interface *
    *                      might generate LEEF files that contain  *
    *                      records with PDS/PDSE member names that *
    *                      cause parsing errors in QRadar SIEM.    *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the zSecure Audit QRadar SIEM interface processes SMF data
    that contain PDS/PDSE data sets with member names in binary
    form, the generated LEEF file contains characters that cause
    parsing errors issued by QRadar SIEM.
    

Problem conclusion

  • The zSecure Audit QRadar SIEM interface has been modified so
    that the binary PDS/PDSE member names are translated to a
    hexadecimal form in the generated LEEF files.
    Please not the documentation changes as provided by the APAR
    tracking comment data.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA51849

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-01-03

  • Closed date

    2017-02-10

  • Last modified date

    2017-03-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA91043 UA91044

Modules/Macros

  •    CKACICS  CKASINT  CKASMF77 CKNSERVE CKQLEEF
    CKQLEEFL CKRCARL@ CKRFMT   CKRINMO  CKROUNIT GKRCARL@ GKRCICS
    GKRFMT   GKRINMO  GKROUNIT GKRSINT  GKRSMF77
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA91043

       UP17/02/13 P F702

  • R221 PSY UA91044

       UP17/02/13 P F702

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 March 2017