
Detecting system changes made by outside IP address

If you suspect that changes are being made by an external source, you can use an exit point program to monitor the activity and trace the IP address.

How can I get the User and IP of someone who is making changes to a file in the AS400 with an external program? For example, using the iSeries Navigator to make an SQL change to a table? I want to know how to obtain the user that logged in and their IP. I have a trigger to the table and I want to save a log for all those changes.
Your trigger program doesn't have access to the location information for an external SQL request. However, you could use an Exit Point Program to intercept a transaction as it is connecting to your system and extract the source IP address information. For example: We have an Exit Point Program that interrogates all SQL initialization requests…

When a user attempts to access our server via SQL, this program extracts the information and deposits an entry like this into the system audit journal:

Object . . . . . . . :                   Library  . . . . . . :
Member . . . . . . . :
Incomplete data . . : No                 Minimized entry data : *NONE
Sequence . . . . . . : 4547878677
Code . . . . . . . . : U - User generated entry
Type . . . . . . . . : NA -

            Entry specific data
Column *...+....1....+....2....+....3....+....4....+....5
00001 'OB172.017.000.242TOCISIN *SQL INIT DBS'
00051 'ERVER LNS081100011200014TOCISIN *SQL'

The IP address 172.017.000.242 and the User ID TOCISIN are now available to us for reporting purposes.

Developing Exit Point Programs can be a very complicated process. In our case we purchased and installed a product that provides Exit Point Programs for all of the available Exit Points that IBM has defined for the iSeries. This package also includes reporting functionality so we can easily determine who is accessing what on our system.

You can also define rules within this application to decide who can and who cannot access the system. If you want to keep track of who is accessing your iSeries system from the network, you will want to take a look at some of these Exit Point monitoring products. A Google search of "iSeries Network Security" will list several options, including how to write your own Exit Point Programs…

This was last published in September 2008
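
For reporting on journal entries like the one shown above, the following Python code (an added example, not part of the original answer or of the product it describes) extracts the IP address and user ID from the entry-specific data. It assumes the layout visible in that sample, a zero-padded dotted IPv4 address immediately followed by the user ID; the function names are illustrative.

```python
import ipaddress
import re

# Entry-specific data rows copied from the journal display on this page
# (column offset, then the quoted text for that row).
SAMPLE_ROWS = [
    "00001 'OB172.017.000.242TOCISIN *SQL INIT DBS'",
    "00051 'ERVER LNS081100011200014TOCISIN *SQL'",
]

ROW = re.compile(r"^\s*(\d{5})\s+'(.*)'\s*$")
# Assumed layout: zero-padded dotted IPv4, then the user ID. IBM i profile
# names are at most 10 characters, so the match is capped at 10.
FIELDS = re.compile(r"(\d{3}\.\d{3}\.\d{3}\.\d{3})([A-Z0-9_#@$]{1,10})")


def join_rows(rows):
    """Rebuild the continuous entry data from 'offset + quoted text' rows.

    Whitespace in the displayed rows may have been collapsed, so the rows
    are concatenated as-is instead of being padded to their column offsets.
    """
    data = ""
    for row in rows:
        m = ROW.match(row)
        if not m:
            raise ValueError(f"not an entry-data row: {row!r}")
        data += m.group(2)
    return data


def normalize_ip(padded):
    """Convert '172.017.000.242' to '172.17.0.242', reading octets as decimal."""
    octets = [int(part, 10) for part in padded.split(".")]
    # IPv4Address raises a ValueError subclass if any octet exceeds 255.
    return str(ipaddress.IPv4Address(".".join(map(str, octets))))


def parse_entry(rows):
    """Return the source IP, user ID and joined raw data for one entry."""
    data = join_rows(rows)
    m = FIELDS.search(data)
    if not m:
        raise ValueError("no IP/user pair found in entry data")
    return {"ip": normalize_ip(m.group(1)), "user": m.group(2), "raw": data}


if __name__ == "__main__":
    print(parse_entry(SAMPLE_ROWS))
```

Converting the zero-padded octets to plain decimal before storing or comparing them matters because some tools read a leading zero as octal, which would turn 017 into 15.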
