IBM Mainframe Forum Index
 
Register
 
IBM Mainframe Forum Index Mainframe: Search Log in to check your private messages Log in
 

Identify who, from where, sign on CICS with an incorrect pw


 
IBM Mainframe Forums -> CICS
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
Weilin Wen

New User


Joined: 09 May 2019
Posts: 1
Location: China

PostPosted: Thu May 09, 2019 1:23 pm
Reply with quote

A user got his ID revoked repeatedly, and from SMF log, I find the terminal ID NVCP1590. How can I interpret the terminal ID? Hopefully, the terminal ID can lead me to an IP address.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Fri May 10, 2019 10:14 pm
Reply with quote

You could trace the terminal ID to its corresponding IP address using SMF Type 119.

SMF 119 - subtype 2 records connection TCP connection terminal records.

You might need MXG to process SMF type 119 records.
If you have MXG, then

Create a PDB with Type 119 records.
Look at TYP11902 dataset in the PDB.
TTTELUNA has the TERMINAL ID(LU name)
TTRIP has the IP address of the terminal.
You can cross verify your finding, by making sure the password was revoked at the same as the SMF time on Type 119 records.

WHERE TTTELUNA = 'NVCP1590';

Hope this helps.

Vasanth.S
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic All times are GMT + 6 Hours
Forum Index -> CICS
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Forum Replies
No new posts How to get RBA value from CICS EVENT CICS 3
This topic is locked: you cannot edit posts or make replies. Sample CICS Webservices Program CICS 1
This topic is locked: you cannot edit posts or make replies. Missing Negative sign in COBOL COBOL Programming 6
No new posts parmeter existence bit for URIMAP in ... CICS 1
No new posts How to use CICS command CEBR on sdsf ... CICS 1

Back to Top