× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



The IP address is available to the exit point. I've been logging with it for over 5 years. I require a trusted client certificate and use the exit point to verify that. I log the username from the certificate as well as the timestamp, user and device name if supplied (named device is required for SSL connections to my servers, so I change the status to denied if there is no device name). Pretty simple, really. There are many examples in the archives. Be sure NOT to change the parameter that allows signon - it will let any user on immediately even with a valid password. (That's all in the archives too; I'm pretty sure Scott Klement pointed that out at least once.) If you intend to use details from a client certificate, you'll need to be aware that older (unsupported) versions of the OS had a problem on the offset that has been corrected. If I'm not mistaken, it was Bruce Vining who commented on my post about that.
--
Sean Porterfield
________________________________________
From: John Earl
Sent: Friday, August 19, 2011 20:58
To: Midrange Systems Technical Discussion
Subject: Re: TELNET Project

Robert,

The QIBM_QTG_DEVINIT exit point will provide the data you want - and will also provide you with the ability to deny certain users or IP addresses with access to Telnet (though the security geek in me feels compelled to note that this exit point alone will not prevent other network connections such as FTP, ODBC, etc. from a valid user).

It's a simple interface with a data structure parameter list that provides a number of fields into the program and a single binary out of the program (An allow/deny access switch). You can use the input parameters to capture things like user name, job name, job number, and _I_think_ IP address. If the parameter list doesn't provide IP address, I know that information is available in one of the "current job" API calls (Gary Monnier probably knows for sure) so you might have to make an extra program call.

The only other thing to do then is arrange the data in a format (File, Dataq, journal?) that is easy for you to report on. Should be a simple task.

One word of caution - when you attach the exit program to the exit point, all future Telnet connections will be regulated by this exit program - so if it has a bug, no one will be able to make a new connection. Therefore, when testing, have aan active connection (or 5) that you can use to unregister the exit point just in case. (Just some been there done that advice.)

HTH

jte



On Aug 18, 2011, at 8:30 AM, Robert Munday wrote:

Greetings from the sunny south.





I have been tasked with capturing the user profiles and IP addresses of
those who sign into our system remotely. An analyst has directed me to
the IBM site for instructions on TELNET processing. It uses a program at
the Exit Point - QIBM_QTG_DEVINIT, and this is where I am to capture the
data. I have downloaded and am reviewing the programs from the IBM site.



Have you worked with this type of data capture? It's new to me and I seek
your guidance.



Thanks,







Robert Munday

Munday Software Consultants

Montgomery, AL

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.