IBM Support

OA52576: FIELD TERMINAL IS NOT PRESENT IN THE LEEF OUTPUT OF SMF TYPE 119 RECORDS AND SHOULD BE INCLUDED

A fix is available


APAR status

  • Closed as program error.

Error description

  • ERROR DESCRIPTION:
    When running the CKQCLEEF or CKQJLEEF jobs, the TERMINAL field
    is not added to the output of SMF Type 119 records, although it
    is added for Type 118 records.
    

Local fix

  • LOCAL FIX:
    N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 software to prepare data for QRadar SIEM.    *
    ****************************************************************
    * PROBLEM DESCRIPTION: The zSecure Audit QRadar SIEM interface *
    *                      does not generate the 'terminal' field  *
    *                      for SMF records type 119.               *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The zSecure Audit QRadar SIEM interface does not generate the
    'terminal' field for the following SMF records:
     - type 119 sub-type 2 written by TN3270E Telnet server;
     - types 118 and 119 (TCP/IP Statistics);
     - IP connection data of type 119 plus tunnels plus SSH logon
       fail;
     - type 118 sub-types 1 and 2 (TCP API
       initialization/termination).
    

Problem conclusion

  • The zSecure Audit QRadar SIEM interface has been modified so
    that the 'terminal' field is written to a QRadar LEEF file for
    the following SMF events:
     - type 119 sub-type 2 written by TN3270E Telnet server;
     - types 118 and 119 (TCP/IP Statistics);
     - IP connection data of type 119 plus tunnels plus SSH logon
       fail;
     - type 118 sub-types 1 and 2 (TCP API
       initialization/termination).
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA52576

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    221

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-04-18

  • Closed date

    2017-07-07

  • Last modified date

    2017-08-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA92574

Modules/Macros

  •    CKASMF77 CKQLEEF  CKQLEEFL C2ELEEF  GKRSMF77
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R221 PSY UA92574

       UP17/07/13 P F707

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information

Modified date:
01 August 2017