Question & Answer
Question
What data must be gathered to document a problem with any member of the zSecure suite when reporting a problem to IBM?
Cause
Any issue regarding a zSecure product or function that requires the diagnosis assistance of IBM Support.
Answer
Collecting troubleshooting data early, even before opening the case, helps IBM® Support quickly determine ehrther:
- Symptoms match known problems (rediscovery).
- There is a nondefect problem that can be quickly identified and resolved.
- A workaround exists which can reduce current severity.
For all zSecure products, provide a concise problem description that includes a timeline, sequence of events, and error messages issued by zSecure, the underlying security product or any other component involved in the problem. It is also important to submit the correct product version and current level of maintenance. If a system dump (SVC dump) is captured, include its title and save it as it might be required for detailed diagnosis.
Provide information on whether you are upgrading zSecure or applying maintenance when the issue appeared. Provide the PTFs that were applied during maintenance, if applicable.
Has this product worked previously? If so, what has changed since the product last worked properly?
Table of Contents:
zSecure Adapters for SIEM
zSecure Admin
zSecure Alert
zSecure Audit
zSecure CICS Toolkit
zSecure Command Verifier
zSecure Manager for RACF on z/VM
zSecure Visual
Sending Large Files
Submitting Information to IBM Support
Online Self-Help Resources
Related Information| zSecure Adapters for SIEM |
- You need to let IBM Support know whether you are licensed to run ONLY the Adapters for SIEM, or if you also run other products in the zSecure suite such as Audit, Alert, and/or Admin.
- Where are you seeing the problem? Provide the most recent sysprint from the problem job. If only licensed for zSecure Adapters, provide the output from the sample job for creating data (CKQJLEEF).
Home
| zSecure Admin |
ISPF UI SYSPRINT
The most common information that support will ask for is the sysprint. To obtain the sysprint from the ISPF UI, exit the current report or display and type results on the command line. This will display the Results panel, and from there you can save any important results with the W line command, for Write. For the sysprint, use the W line command and save it to a data set of your choice. This data set can then be sent in to support.
-For Admin ISPF errors, send in screen captures and the session sysprint.
-Sending in the output from the CKFCOLL job used in creating your current CKFREEZE file is something support asks for frequently. This job output will show whether your CKFREEZE contains all needed and relevant information to your problem.
-Depending on what your problem is you might also want to send in DB2 level and audit information, system load at the time of your problem, and a syslog covering the time period of the problem.
-A copy of your CKFREEZE can sometimes be requested by support. See 'Sending Large Files' for information on how to do this.
-Check preexisting PTFs for any that might relate to your problem.
Home
| zSecure Alert |
-Describe the nature of your problem. Are you using Top Secret, ACF2, or RACF? Does Alert properly start without an abend? If it starts, can you perform a Verify and Refresh via a line command on the SE.A.A panel? If not what errors do you receive? Be sure to save off a sysprint for submission to zSecure Support. -Is there a particular Alert number that is not properly alerting you when you believe it should?
-Sending in your C2PCUST data set can be very useful for issues with Alert, and can sometimes be requested by Support. See 'Sending Large Files' for information on how to do this.
-This technote might prove useful, Why is zSecure Alert not reporting some selected alerts?
-Whether you are using Top Secret, RACF, or ACF2, check preexisting PTFs for any that might relate to your problem.
Home
| zSecure Audit |
-Describe the nature of your problem. Are you running ACF2, RACF, or Top Secret? What part of Audit is your problem associated with? For example, this might be status(AU.S) or compliance testing(AU.R).
-If compliance, provide the subset of rules you are testing against as well and note the individual failing rules. Check out our fixes by version page for any new PTFs relating to compliance testing.
-Ensure that your CKFREEZE is up to date (less than a day old) and provide the complete output from the CKFCOLL job used to create the CKFREEZE file.
Home
| zSecure CICS Toolkit |
-Along with the zSecure CICS Toolkit release and maintenance level, you will need to provide the underlying z/OS and CICS release information.
-Provide the JCL and job log for any reports/jobs involved, and also include screen captures that might contain any relevant output or messages.
-Check preexisting PTFs for any that might relate to your problem.
Home
| zSecure Command Verifier |
-Provide both the expected behavior of zSecure Command Verifier and the actual behavior you are experiencing. Send the output that shows what you are experiencing that is not as expected. -Check preexisting PTFs for any that might relate to your problem.
Home
| zSecure Manager for RACF on z/VM |
-Provide Installation - Defined settings (CKRSITE load library), and CKVECOLL parameters specified when creating your active CKFREEZE.
-Your active C2R$PARV configuration profile and any relevant SMF data is also useful in diagnosing problems.
-Check preexisting PTFs for any that might relate to your problem.
Home
| Security zSecure Visual Server |
-Provide information on your server as a whole. This information can be found in about-server.box inside the run subdirectory. You can also find this information from the Server Information option of the Help menu.
-Your Security zSecure Visual Server logs (bbracf.log and server.log), are found in the log subdirectory within the server's root directory. This directory is identified by the C2RSERVE parameter in the C2R$PARM file used by theSecurity zSecure Visual Server.
You can use the c2rdiag command to collect diagnostic information, which includes logs and other information, for sending to support. This is executed by navigating to the server's root directory and running the command ./bin/c2rdiag and creates file, C2Rdiag_dump_xxxx.tar (where xxxx represents a time stamp) which you can then transfer to IBM in binary mode. Do not run c2rdiag from the <server_root>./bin subdirectory.
*Note c2rdiag must be run under a userid with root authority*
-The SYSPRINT from the last CKRCARLA run, the CKGPRINT from the last CKGRACF run, and the commands issued are available through the client's communication window.
-The MVS syslog surrounding the time of the error can also help.
-Check preexisting PTFs for any that might relate to your problem.
Home
| Submitting Information to IBM Support |
After a Case is open, you can submit data files to IBM using one of the following methods:
- -FTP: Use this link for instructions on how to send data via FTP for My Support cases: FTP instructions
Additional information for z/OS data is also available at this link.
-Email: If FTP is not possible, or if files are <2MB, use the email ecurep@ecurep.ibm.com.
To email, follow these conventions:
Email small files (<2MB) to ibmsecurity_support@ecurep.ibm.com. The subject line must follow this format - TSaaaaaaaaa xxxx
Where aaaaa = Case number, xxx = Descriptive text for the file
Your IBM Support Case is updated when either an email or file arrives, but only if the naming convention for the subject or file is followed. If you do not follow the specified naming convention, the email or file will be stored incorrectly and will effectively be lost.
Home
| Sending Large Files |
When submitting large files to Support, some additional steps might be needed.
Submitting a CKFREEZE, UNLOAD, SMF, or C2PCUST data set:
1) Execute the following TSO command to put the CKFREEZE/UNLOAD/SMF/C2PCUST file into XMIT format.
NOTE: SMF data sets might not need to be placed in XMIT format unless the support analyst requests you to do so. These SMF data sets can be tersed and sent to IBM. Send the DCB parameters of your SMF data sets to the support analyst for instructions before sending the SMF data to IBM.
XMIT x.x DATASET('my.file') OUTDATASET('my.file.xmit')
(the notation of "x.x" is just a dummy required operand acting as a place holder, as the output is going to a data set, not a network destination)
2) Then execute TRSMAIN against the data set "my.file.xmit", giving an output data set name the low-level qualifier of "TRS" (for example, "my.file.xmit.trs").
3) Transmit using FTP in binary mode by using the previously provided information and instructions.
Home
| Online Self-Help Resources |
- Review up-to-date product information at the zSecure support page. (Enter the zSecure product you are looking for within the product finder search bar).
- Access online content on supported versions of the zSecure Suite using the IBM Documentation Web Page.
Home
| Related Information |
Recommended Fixes:
- zSecure Base (can include Admin, Audit, Alert, Visual, and Adapters for SIEM)
- zSecure Audit for ACF2
- zSecure Command Verifier
- zSecure CICS Toolkit
- zSecure Manager for RACF on z/VM
- zSecure Visual
Home
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSATXH","label":"IBM Security zSecure Suite"},"ARM Category":[{"code":"a8m500000008ZPYAA2","label":"zSecure"}],"ARM Case Number":"","Platform":[{"code":"PF032","label":"VM"},{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"ARM Category":[{"code":"a8m0z000000GoZqAAK","label":"zSecure Admin-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPN95","label":"IBM Security zSecure Audit"},"ARM Category":[{"code":"a8m0z000000GoZ2AAK","label":"zSecure Audit-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPLQS","label":"IBM Security zSecure Alert"},"ARM Category":[{"code":"a8m0z000000GoZMAA0","label":"zSecure Alert-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRPQG","label":"IBM Security zSecure CICS Toolkit"},"ARM Category":[{"code":"a8m0z000000GoYTAA0","label":"zSecure CICS Toolkit-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRM9V","label":"IBM Security zSecure Command Verifier"},"ARM Category":[{"code":"a8m0z000000bm8XAAQ","label":"zSecure Command Verifier-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCHPT","label":"IBM Security zSecure Adapters for SIEM"},"ARM Category":[{"code":"a8m0z000000GoWhAAK","label":"zSecure Data Preparation for SIEM-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRMQU","label":"IBM Security zSecure Visual"},"ARM Category":[{"code":"a8m0z000000GoYYAA0","label":"zSecure Visual-\u003ETroubleshooting"}],"Platform":[{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQQGJ","label":"IBM Security zSecure Manager for RACF z\/VM"},"ARM Category":[{"code":"a8m0z000000Goi9AAC","label":"zSecure Manager for RACF z\/VM-\u003ETroubleshooting"}],"Platform":[{"code":"PF037","label":"z\/VM"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
24 May 2022
UID
swg21980023