IBM Mainframe Forum Index
Log In
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register

Identify who, from where, sign on CICS with an incorrect pw

IBM Mainframe Forums -> CICS
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
Weilin Wen

New User

Joined: 09 May 2019
Posts: 1
Location: China

PostPosted: Thu May 09, 2019 1:23 pm
Reply with quote

A user got his ID revoked repeatedly, and from SMF log, I find the terminal ID NVCP1590. How can I interpret the terminal ID? Hopefully, the terminal ID can lead me to an IP address.
Back to top
View user's profile Send private message

Global Moderator

Joined: 28 Aug 2007
Posts: 1693
Location: Tiruppur, India

PostPosted: Fri May 10, 2019 10:14 pm
Reply with quote

You could trace the terminal ID to its corresponding IP address using SMF Type 119.

SMF 119 - subtype 2 records connection TCP connection terminal records.

You might need MXG to process SMF type 119 records.
If you have MXG, then

Create a PDB with Type 119 records.
Look at TYP11902 dataset in the PDB.
TTRIP has the IP address of the terminal.
You can cross verify your finding, by making sure the password was revoked at the same as the SMF time on Type 119 records.


Hope this helps.

Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> CICS


Similar Topics
Topic Forum Replies
No new posts How to identify bad performers? Testing & Performance 8
No new posts Expected data is not coming up on Fir... CICS 2
No new posts ASP3 in CICS DB2 CICS 10
No new posts CICS / JAVA - Setup of definitions CICS 0
No new posts non-system user tasks in CICS CICS 1
Search our Forums:

Back to Top