A fix is available
APAR status
Closed as program error.
Error description
Alert 1120 is not sent to destination ArcSight CEF via syslog. This issue is only applicable to zSecure 2.3.0 and 2.3.1.
Local fix
Upgrade to zSecure 2.4.0. If this is not an option: 1) Create your_userid.SCKRSLIB based on the allocation for the zSecure supplied hlq.SCKRSLIB 2) Copy hlq.SCKRSLIB(C2PS1120) to your_userid.SCKRSLIB 3) Edit your_userid.SCKRSLIB(C2PS1120) and f 'ArcSight CEF' 4) Change: )SEL &C2PERCTP = CEF recno(nd) maxdatetime(cef_dt,15), to )SEL &C2PERCTP = CEF maxdatetime(cef_dt,15), 5) Save your_userid.SCKRSLIB(C2PS1120) 6) Now start the zSecure Admin UI using your_userid prefixed files (in this case only SCKRSLIB): TSO CKR UPREFIX(your_userid) 7) Select Alert 1120 and choose the Arcsight destination 8) Verify and reFresh the alert configuration
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Alert using predefined * * alert 1120 with the ArcSight destination * * selected. * **************************************************************** * PROBLEM DESCRIPTION: zSecure Alert 1120 does not work for * * destination ArcSight. * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** When the destination for predefined alert 1120 (Major administrative activity) is set to 'ArcSight CEF via syslog', alerts are not sent when the alert is triggered.
Problem conclusion
zSecure Alert has been modified so that predefined alert 1120 sends an alert to ArcSight when destination ArcSight is selected.
Temporary fix
Comments
APAR Information
APAR number
OA59473
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
230
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-04-24
Closed date
2020-05-06
Last modified date
2020-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ02827 UJ02828
Modules/Macros
C2PS1120
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
02 June 2020