SMF Verification and Writing output to the syslog

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am


Post by TSGHOS »

Hello,

I have two questions; they are as follows:

1. Trying to verify that SMF records are being written, I am trying the following:

ls /+loglevel=ZosSmf119Record=F
Then doing a GET

I am unable to see the dump because attempts to get the error.log result in:

cozsftp> get /+error.log
Fetching /+error.log to +error.log
[04.337] Cannot download non-regular file: /+error.log
cozsftp>


2. I am also trying to get information regarding PUTs/GETs etc. into the syslog and have coded the following:

#! /bin/sh
# The presence of this executable script in $HOME/.ssh/sftp-server.rc
# will cause the COZ version of sftp-server to be used

# You may uncomment and set the following options to override the defaults:
#export SFTP_ZOS_OPTIONS="reqexits=.CZCHKCMD"
export SFTP_ZOS_OPTIONS="showall"
#export SFTP_ZOS_OPTIONS="smf"
#export SFTP_ZOS_OPTIONS="mode=text"
#export SFTP_ZOS_OPTIONS="recfm=vb,lrecl=256,space=cyl.3.1"
#export SFTP_ZOS_OPTIONS="dir=27,lrecl=256,recfm=vb
#space=cyl.1.1"
export SFTP_ZOS_INITIAL_DIR=//
SFTP_LOGFILE=/dev/console

# The Co:Z support team may request that you uncomment the following options
# to enable tracing:
#export SFTP_SERVER_OPTIONS="-e -l debug3"
#export COZ_LOG=T
export COZ_LOG=I,s
USE_COZ_SFTP=true


Nothing is seen in the logs despite using the above options.

Your help/advice will be greatly appreciated.

Thanks.
Hanif
dovetail
Site Admin
Posts: 2025
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

Hanif,

(question 1)
What version of Co:Z SFTP are you using on the z/OS client and the z/OS server?
I cannot reproduce the error that you are seeing with a recent version of the product.
The only explanation that I have is that you have SFTP_LOGFILE set to a device that is not a readable file (like /dev/console?)

(question 2)
I tried this also, and it works fine (messages are written out to SYSLOG). Perhaps you have a RACF or other security product setting that is preventing /dev/console from working.

Can you do this from a Unix shell under the same z/OS userid:

> echo "test message" > /dev/console

Does the message appear on the console?

Finally, it is not really a good idea to use /dev/console for the log, in my opinion:
a) If the user enables tracing, these messages will go to the console
b) The console cannot be read like a file, so "get /+error.log" from a remote client will not work (this is likely the answer to your first question).

So, it is best that you have your logs configured to go to regular files in a temporary directory, like /tmp, and then have a maintenance job that cleans up old files.

I hope that this helps.
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

Post by TSGHOS »

Hello,

RE :

Q1 :

Co:Z version: Co:Z sftp-server version: 1.7.2 (5.0p1) 2010-07-23

I have removed SFTP_LOGFILE which was set to /dev/console and the results are :

ls /+loglevel=ZosSmf119Record=F
Then doing a GET

Fetching /+error.log to +error.log
ZosPosixFile: Closing file /u/tsghos/+error.log - 0 bytes received, 0 bytes written

We do have SMF type 119 turned on, so I would be expecting some records to be written.

Q2:

We want to see all SFTP activity written to the syslog; can you provide an example?

Thanks.
dovetail
Site Admin
Posts: 2025
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

Q1 - Not sure what your problem is. Do you have anything in your log file (in /tmp)?

This is what I get:


cozsftp> ls /+loglevel=ZosSmf119Record=F
/+loglevel=ZosSmf119Record=F   
cozsftp> lcd /tmp
cozsftp> get /etc/profile junk
Fetching /etc/profile to junk
/etc/profile                                                                                
ZosPosixFile[I]: Closing file /S0W1/tmp/junk - 10248 bytes received, 10248 bytes written
cozsftp> get /+error.log
Fetching /+error.log to +error.log
/+error.log                                                                                 
ZosPosixFile[I]: Closing file /S0W1/tmp/+error.log - 3985 bytes received, 3985 bytes written

Q2) One way to have activity written to syslog would be to write a user exit (CZPOSTPR) that writes completion information to syslog. Another way would be to use either an SMF exit or our SMF NMAPI to receive SMF records and write a message to the syslog. Directing the user's log to /dev/console is not recommended since:

- this will prevent the remote user from being able to retrieve his /+error.log (the log file)
- if the user turns on tracing, then all of this data will be sent to the syslog
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

Post by TSGHOS »

Hello,

RE Q1:

Nothing in my /tmp/ file; I will test/check it out further.

RE Q2:

Thank you for the recommendations; I will implement these.


Thanks.

Hanif
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

Post by TSGHOS »

Hello,

Where can I get more info on using SMF NMAPI, please?

Thanks

Hanif
dovetail
Site Admin
Posts: 2025
Joined: Thu Jul 29, 2004 12:12 pm

Post by dovetail »

An application may create (bind to) a Unix-domain datagram socket and if this socket exists then any Co:Z SFTP client or server on that machine will send it SMF record images (as individual messages).

The default socket name is "/var/log/cozsftp.smf.sock", but can be overridden using the SFTP_SMF_SOCK environment variable.

Co:Z SFTP client or server processes will write SMF records to this socket even if system SMF recording for SMF 119 records is not enabled.

See these references for more information on Unix-domain Datagram sockets:
http://en.wikipedia.org/wiki/Unix_domain_socket
http://en.wikipedia.org/wiki/Datagram_socket

We plan to release a sample program that does this; contact me offline for more information at info@dovetail.com

To date, several third-party vendor "MFT" products have implemented this interface in order to get SMF records in real time without the need to install SMF routing exits.
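
The listener side of the interface described in the post above, as an added example that is not part of the thread and is not Dovetail's sample program. The log-line wording, the 0o622 default mode, the receive buffer size and the listener's own use of SFTP_SMF_SOCK are assumptions; the SMF 119 record layout is not decoded, only previewed in hex.

```python
import os
import socket
import stat

DEFAULT_SOCK = "/var/log/cozsftp.smf.sock"  # default socket name given in the post
MAX_DATAGRAM = 65535  # assumed receive buffer size; one datagram = one record image


def bind_listener(path=None, mode=0o622):
    """Bind the datagram socket that Co:Z SFTP sends SMF record images to."""
    # Assumption: the listener honours the same SFTP_SMF_SOCK override as Co:Z.
    path = path or os.environ.get("SFTP_SMF_SOCK", DEFAULT_SOCK)
    try:
        # Only clear a stale socket left by a previous run, never another file.
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(path + " exists and is not a socket")
        os.unlink(path)
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Senders need write access to the socket file, and anyone who can write
    # can also submit forged records, so keep `mode` as narrow as the site allows.
    old_umask = os.umask(0o777 & ~mode)
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock


def describe(record):
    """One log line per record image; the SMF 119 layout is not decoded here."""
    return "Co:Z SFTP SMF record image: %d bytes, starts %s" % (
        len(record), record[:16].hex())


def pump(sock, emit, count=None):
    """Receive record images and hand a log line for each one to emit()."""
    seen = 0
    while count is None or seen < count:
        emit(describe(sock.recv(MAX_DATAGRAM)))
        seen += 1
    return seen


if __name__ == "__main__":
    import syslog  # sends to the local syslog daemon
    pump(bind_listener(), lambda line: syslog.syslog(syslog.LOG_INFO, line))
```

Because the socket only has to exist for Co:Z to send to it, the listener should be started before the SFTP sessions it is meant to record.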