IBM Support

MUST GATHER: Collecting Troubleshooting Data for the zSecure Suite of Products

Question & Answer


Question

What data must be gathered to document a problem with any member of the zSecure suite when reporting a problem to IBM?

Cause

Any issue regarding a zSecure product or function that requires the diagnosis assistance of IBM Support.

Answer


Collecting troubleshooting data early, even before opening the case, helps IBM® Support quickly determine ehrther:
  1. Symptoms match known problems (rediscovery).
  2. There is a nondefect problem that can be quickly identified and resolved.
  3. A workaround exists which can reduce current severity.
For all zSecure products, provide a concise problem description that includes a timeline, sequence of events, and error messages issued by zSecure, the underlying security product or any other component involved in the problem. It is also important to submit the correct product version and current level of maintenance. If a system dump (SVC dump) is captured, please include its title and save it as it might be required for detailed diagnosis.
Provide information on whether you are upgrading zSecure or applying maintenance when the issue appeared. Provide the PTFs that were applied during maintenance, if applicable. 
Has this product worked previously? If so, what has changed since the product last worked properly?


Table of Contents:

zSecure Adapters for SIEM
zSecure Admin
zSecure Alert
zSecure Audit
zSecure CICS Toolkit
zSecure Command Verifier
zSecure Manager for RACF on z/VM
zSecure Visual

Sending Large Files
Submitting Information to IBM Support
Online Self-Help Resources
Related Information
 
zSecure Adapters for SIEM

- You need to let IBM Support know whether you are licensed to run ONLY the Adapters for SIEM, or if you also run other products in the zSecure suite such as Audit, Alert, and/or Admin.


- Where are you seeing the problem? Provide the most recent sysprint from the problem job. If only licensed for zSecure Adapters, provide the output from the sample job for creating data (CKQJLEEF).
Home
 
zSecure Admin

-For Admin ISPF errors, send in screen captures and the session sysprint.

-Sending in the output from the CKFCOLL job used in creating your current CKFREEZE file is something support asks for frequently. This job output will show whether your CKFREEZE contains all needed and relevant information to your problem.


-Depending on what your problem is you might also want to send in DB2 level and audit information, system load at the time of your problem, and a syslog covering the time period of the problem.

-A copy of your CKFREEZE can sometimes be requested by support. See 'Sending Large Files' for information on how to do this.

-Check preexisting PTFs for any that might relate to your problem.

Home
 
zSecure Alert

-Describe the nature of your problem. Are you using Top Secret, ACF2, or RACF? Does Alert properly start without an abend? If it starts, can you perform a Verify and Refresh via a line command on the SE.A.A panel? If not what errors do you receive? Be sure to save off a sysprint for submission to zSecure Support.

-Is there a particular Alert number that is not properly alerting you when you believe it should?

-Sending in your C2PCUST dataset can be very useful for issues with Alert, and can sometimes be requested by Support. See 'Sending Large Files' for information on how to do this.

-This technote might prove useful, Why is zSecure Alert not reporting some selected alerts?

-Whether you are using Top Secret, RACF, or ACF2, check preexisting PTFs for any that might relate to your problem.

Home
 
zSecure Audit

-Describe the nature of your problem. Are you running ACF2, RACF, or Top Secret? What part of Audit is your problem associated with? For example, this might be status(AU.S) or compliance testing(AU.R).

-If compliance, provide the subset of rules you are testing against as well as the individual failing rules. Check out our fixes by version page for any new PTFs relating to compliance testing.

-Ensure that your CKFREEZE is up to date (less than a day old) and provide the complete output from the CKFCOLL job used to create the CKFREEZE file.

Home
 
zSecure CICS Toolkit

-Along with the zSecure CICS Toolkit release and maintenance level, you will need to provide the underlying z/OS and CICS release information.

-Provide the JCL and joblog for any reports/jobs involved, and also include screen captures that might contain any relevant output or messages.

-Check preexisting PTFs for any that might relate to your problem.

Home
 
zSecure Command Verifier

-Please provide both the expected behavior of zSecure Command Verifier and the actual behavior you are experiencing. Send the output that shows what you are experiencing that is not as expected.

-Check preexisting PTFs for any that might relate to your problem.

Home
 
zSecure Manager for RACF on z/VM

-Please provide Installation - Defined settings (CKRSITE load library), and CKVECOLL parameters specified when creating your active CKFREEZE.

-Your active C2R$PARV configuration profile as well as any relevant SMF data is also useful in diagnosing problems.

-Check preexisting PTFs for any that might relate to your problem.

Home
 
zSecure Visual

-Please provide information on your server as a whole. This information can be found in about-server.box inside the run subdirectory. You can also find this information from the Server Information option of the Help menu.

-Yje zSecure Visual Server logs (bbracf.log and server.log), are found in the log subdirectory within the server's root directory. This directory is identified by the C2RSERVE parameter in the C2R$PARM file used by the zSecure Visual Server.

You can use the c2rdiag command to collect diagnostic information, which includes logs and other information, for sending to support. This is executed by navigating to the server's root directory and running the command ./bin/c2rdiag and creates file, C2Rdiag_dump_xxxx.tar (where xxxx represents a time stamp) which you can then transfer to IBM in binary mode.
*Note c2rdiag must be run under a userid with root authority*

-The SYSPRINT from the last CKRCARLA run, the CKGPRINT from the last CKGRACF run, and the commands issued are available through the client's communication window.

-The MVS syslog surrounding the time of the error can also help.

-Check preexisting PTFs for any that might relate to your problem.

Home
 
Submitting Information to IBM Support

After a Case is open, you can submit data files to IBM using one of the following methods:
 
  • -FTP: Use this link for instructions on how to send data via FTP for My Support cases: FTP instructions
    Additional information for z/OS data is  also available at this link. 
    -Email: If FTP is not possible, or if files are <2MB, use the email ecurep@ecurep.ibm.com.

To email, please follow these conventions:

Email small files (<2MB) to ibmsecurity_support@ecurep.ibm.com. The subject line must follow this format - TSaaaaaaaaa xxxx

Where aaaaa = Case number, xxx = Descriptive text for the file

Your IBM Support Case is updated when either an email or file arrives, but only if the naming convention for the subject or file is followed. If you do not follow the specified naming convention, the email or file will be stored incorrectly and will effectively be lost.


Home
 
Sending Large Files

When submitting large files to Support, some additional steps might be needed.

Submitting a CKFREEZE, UNLOAD, SMF, or C2PCUST dataset:
1) Execute the following TSO command to put the CKFREEZE/UNLOAD/SMF/C2PCUST file into XMIT format.
NOTE: SMF datasets might not need to be placed in XMIT format unless the support analyst requests you to do so. These SMF datasets can be tersed and sent to IBM. Send the DCB parameters of your SMF datasets to the support analyst for instructions before sending the SMF data to IBM.

XMIT x.x DATASET('my.file') OUTDATASET('my.file.xmit')

(the notation of "x.x" is just a dummy required operand acting as a place holder, as the output is going to a data set, not a network destination)

2) Then execute TRSMAIN against the data set "my.file.xmit", giving an output data set name the low-level qualifier of "TRS" (for example, "my.file.xmit.trs").

3) Transmit using FTP in binary mode by using the previously provided information and instructions.

Home
 
Online Self-Help Resources
 
  • Review up-to-date product information at the zSecure support page. (Enter the zSecure product you are looking for within the product finder search bar).
     
  • Access online content on supported versions of the zSecure Suite using the IBM Documentation Web Page.

Home
 
Related Information

Recommended Fixes:
Home

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSATXH","label":"IBM Security zSecure Suite"},"ARM Category":[{"code":"a8m500000008ZPYAA2","label":"zSecure"}],"ARM Case Number":"","Platform":[{"code":"PF032","label":"VM"},{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"ARM Category":[{"code":"a8m0z000000GoZqAAK","label":"zSecure Admin-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPN95","label":"IBM Security zSecure Audit"},"ARM Category":[{"code":"a8m0z000000GoZ2AAK","label":"zSecure Audit-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPLQS","label":"IBM Security zSecure Alert"},"ARM Category":[{"code":"a8m0z000000GoZMAA0","label":"zSecure Alert-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRPQG","label":"IBM Security zSecure CICS Toolkit"},"ARM Category":[{"code":"a8m0z000000GoYTAA0","label":"zSecure CICS Toolkit-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRM9V","label":"IBM Security zSecure Command Verifier"},"ARM Category":[{"code":"a8m0z000000bm8XAAQ","label":"zSecure Command Verifier-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCHPT","label":"IBM Security zSecure Adapters for SIEM"},"ARM Category":[{"code":"a8m0z000000GoWhAAK","label":"zSecure Data Preparation for SIEM-\u003ETroubleshooting"}],"Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRMQU","label":"IBM Security zSecure Visual"},"ARM Category":[{"code":"a8m0z000000GoYYAA0","label":"zSecure Visual-\u003ETroubleshooting"}],"Platform":[{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQQGJ","label":"IBM Security zSecure Manager for RACF z\/VM"},"ARM Category":[{"code":"a8m0z000000Goi9AAC","label":"zSecure Manager for RACF z\/VM-\u003ETroubleshooting"}],"Platform":[{"code":"PF037","label":"z\/VM"}],"Version":"All Versions"}]

Document Information

Modified date:
04 January 2022

UID

swg21980023