Working with Status and Active Job Rules
IBM and Raz-Lee Entry Types include (see Appendix A: Raz-Lee Entry Types):
- IBM Entry Types – STRAUD > 11 (see Creating and Modifying Rules).
- Raz-Lee Entry Types @J, @K, @Q, @S - STRAUD > 13 (see Working with Status and Active Job Rules).
- Raz-Lee Entry Types @0…@9 - STRAUD > 14 (see Working with Message Queues).
- Other Raz-Lee Entry Types (see Appendix A: Raz-Lee Entry Types).
The following can be achieved using the Entry Type screens:
- Define rules triggered by specific field contents for each entry type. Resulting actions can generate messages, run command language (CL) commands and more.
- Generate reports using the iSecurity report generator and scheduler which controls, via field filters, which of the collected QAUDJRN entries are to be outputted to e-mail, message queue (MSGQ), Syslog, etc. The report generator can be accessed at STRAUD> 41 > 1.
To Work with Status & Active Job Rules:
- Select 13. Status of Job, Sys, JobQ, OutQ in the Main menu (STRAUD). The Control System Activity (Periodically)Rules for JobQ, OutQ, ActJob, SysSts screen appears. The table below describes the four standard entries that are included with the product.
| Control System Activity (Periodically) Rules for JobQ, OutQ, ActJob, SysSts Subset by entry . . by description . . Type option, press Enter. by classification. C=Compliance,.. 1=Select 3=Copy 4=Delete 8=Msg 9=Explanation & Classification Opt Entry Seq Act Cont. Description @J 1.0 N N PEPE is active (20) 2.0 N N PEPINO is active (30) Default for: Active job information @J @K 1.0 N N PEPE is NOT active 2.0 N N PEPEINO is NOT active Default for: Job not active @K @Q 1.0 N N Active JobQ/OutQ information Default for: Active JobQ/OutQ information @Q @S 1.0 Y N test system Default for: System status and pool information @S Bottom F3=Exit F6=Add New F8=Print F11=No/Default F12=Cancel F19=Info F22=Renumber Modify data, or press Enter to confirm. |
|
Entry |
Rule Description |
|
@J |
Logs Active job information, while comparing every line in the WRKACTJOB to the rule that uses it. |
|
@K |
Logs Inactive Jobs, while performing a check to verify whether the job is active. |
|
@Q |
Logs Active JobQ/OutQ information |
|
@S |
Logs System status & pool information, while checking filter conditions to verify if response criteria are met, and activating that response. |
- Select 1=Select to modify an existing rule or F6 to create a new rule. The Add Selection Rule screen appears.
| Add Selection Rule Rules for JobQ, OutQ, ActJob, SysSts Entry type . . . . . . . Sequence . . . . . . . Description . . . . . . N Name Check if in Time group . Perform action . . . . . Y *ADD Name, *NONE, *ADD Run action once per . 0 Seconds, 0=Always F3=Exit F4=Prompt F12=Cancel |
|
Parameter or Option |
Description |
|---|---|
|
Entry Type |
F4 = Choose from a list of available types |
|
Sequence |
Enter a sequence number or accept the default as presented. The sequence number determines the order of rule processing when there is more than one rule for a given audit type. |
|
Description |
Enter a meaningful description of the rule. |
|
Check if in Time group |
You can optionally limit this group only to a specific Time Group. Name = Time Group name F4 = Choose Time Group name from list |
|
Perform Action |
Y= Perform this action according to the rule N = Do NOT perform this action |
|
Run action once per |
The number of seconds between each performance of the action. |
- Enter parameters and data as described in the table. Press Enter when finished. The Filter Conditions screen appears. Filter criteria allow you to limit application of real-time detection rules to certain specific conditions.
See Working with Current Setting and Setting up the Audit Scheduler.