SMF Records for sftp
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
SMF Records for sftp
Hello Support
we need to activate SMF Records for COZ sftp
How can we activate this records? (I known that ssh SMF record type 119)
is there any effect sftp performance? Because in our system runnning nearly 70k sftp jobs in a day,
it is very importan for us sftp performance
Do you have any comment?
Regards
Cagatay
we need to activate SMF Records for COZ sftp
How can we activate this records? (I known that ssh SMF record type 119)
is there any effect sftp performance? Because in our system runnning nearly 70k sftp jobs in a day,
it is very importan for us sftp performance
Do you have any comment?
Regards
Cagatay
Re: SMF Records for sftp
Information on using SMF with CO:Z SFTP can be found here:
https://dovetail.com/docs/sftp/smf-support.html
To enable, just add the "smf" option to the "fixed:" section of these files:
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)
See "E.3 Enabling SMF recording" for more information, especially the required RACF permissions required.
I would suggest that you enable this in your test environment to measure any impact. Generally, the overhead of writing a couple of SMF records for each file transfer is not significant when compared to the overhead of using SSH. But if you have a lot of transfers, you may need to plan for (2) SMF records for each transfer and plan for the impact that that will have to your SMF data sets.
https://dovetail.com/docs/sftp/smf-support.html
To enable, just add the "smf" option to the "fixed:" section of these files:
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)
See "E.3 Enabling SMF recording" for more information, especially the required RACF permissions required.
I would suggest that you enable this in your test environment to measure any impact. Generally, the overhead of writing a couple of SMF records for each file transfer is not significant when compared to the overhead of using SSH. But if you have a lot of transfers, you may need to plan for (2) SMF records for each transfer and plan for the impact that that will have to your SMF data sets.
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
Hello
Should I find OMVS segment folder which We installed folder?
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)
Should I find OMVS segment folder which We installed folder?
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)
Re: SMF Records for sftp
I'm sorry, but I don't understand your question.
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
always mainframe connects other server so, mainframe is always sftp client.
should I change cozsftp_config?
I didn't find cozsftp_config.
thise file using in "cozsftp" ?
if there is I can find where execute this
Regards
should I change cozsftp_config?
I didn't find cozsftp_config.
thise file using in "cozsftp" ?
if there is I can find where execute this
Regards
Re: SMF Records for sftp
To enable SMF recording for all client jobs, please follow the instructions in the documentation:
https://www.dovetail.com/docs/sftp/session-config.html
Section C.2 shows how to specify the smf option in the fixed: section of /etc/ssh/cozsftp_config.
A sample version of this file can be found at <COZ_INST>/samples/cozsftp_site_config
You should also confirm that you have met the other requirements for SMF recording, documented here:
https://www.dovetail.com/docs/sftp/smf- ... ml#d0e6364
https://www.dovetail.com/docs/sftp/session-config.html
Section C.2 shows how to specify the smf option in the fixed: section of /etc/ssh/cozsftp_config.
A sample version of this file can be found at <COZ_INST>/samples/cozsftp_site_config
You should also confirm that you have met the other requirements for SMF recording, documented here:
https://www.dovetail.com/docs/sftp/smf- ... ml#d0e6364
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
in cozsftp
İHOME/.ssh/cozsftp_config
but there is no file it this folder
we changed this file folder
x/CoZ/cozsftp_config
added "smf" fixed section
run the jobs, we saw this message, is that right?
ZosSettings$W¨: Fixed section found in user config file - ignoring
İHOME/.ssh/cozsftp_config
but there is no file it this folder
we changed this file folder
x/CoZ/cozsftp_config
added "smf" fixed section
run the jobs, we saw this message, is that right?
ZosSettings$W¨: Fixed section found in user config file - ignoring
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
is that the same which you advice?
1. To enable SMF recording for the client side, in the /etc/ssh/zos_ssh_config
file, set the keyword:
ClientSMF TYPE119_U83
or
ClientSMF TYPE119_U84
1. To enable SMF recording for the client side, in the /etc/ssh/zos_ssh_config
file, set the keyword:
ClientSMF TYPE119_U83
or
ClientSMF TYPE119_U84
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
I Run cozsftp job with -vvv option
our jobs read /etc/ssh/zos_ssh_config
I added this file
ClientSMF TYPE119_U83
after that
I saw
debug1: zsshSmfSetConnSmfStatus: changing SMF status from 0 to 83
it that okey with Smf what is your comment?
Regards
Cagatay
our jobs read /etc/ssh/zos_ssh_config
I added this file
ClientSMF TYPE119_U83
after that
I saw
debug1: zsshSmfSetConnSmfStatus: changing SMF status from 0 to 83
it that okey with Smf what is your comment?
Regards
Cagatay
Re: SMF Records for sftp
When you use Co:Z SFTP, you are using IBM z/OS OpenSSH for the SSH layer.
You can configure IBM OpenSSH to write SMF records for the *connection*. These will be 119 subtypes 94,95, and 98:
https://www.ibm.com/support/knowledgece ... smfrec.htm
These records are useful if you want to track all SSH connections and what crypto algorithms that they are using.
If you want SMF records for Co:Z SFTP file transfers, then see this section in the documentation:
https://dovetail.com/docs/sftp/smf-support.html
You can get 119 subtype 3, and 70 records, which are the same format as IBM FTP uses and can support data sets.
To enable, just add the "smf" option to the "fixed:" section of these files:
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config (for server)
(You didn't follow this advice before, since you tried to add a fixed section to the user's configuration files in $HOME/.ssh )
You can configure IBM OpenSSH to write SMF records for the *connection*. These will be 119 subtypes 94,95, and 98:
https://www.ibm.com/support/knowledgece ... smfrec.htm
These records are useful if you want to track all SSH connections and what crypto algorithms that they are using.
If you want SMF records for Co:Z SFTP file transfers, then see this section in the documentation:
https://dovetail.com/docs/sftp/smf-support.html
You can get 119 subtype 3, and 70 records, which are the same format as IBM FTP uses and can support data sets.
To enable, just add the "smf" option to the "fixed:" section of these files:
/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config (for server)
(You didn't follow this advice before, since you tried to add a fixed section to the user's configuration files in $HOME/.ssh )
-
- Posts: 40
- Joined: Thu Jun 01, 2017 9:15 am
Re: SMF Records for sftp
as I said before our cozjcl using
/etc/ssh/zos_ssh_config
not this folder;
/etc/ssh/cozsftp_config (for client)
So there is no effect when we change cozsftp_config
is there any wrong configuration?
Not: every thing work fine
/etc/ssh/zos_ssh_config
not this folder;
/etc/ssh/cozsftp_config (for client)
So there is no effect when we change cozsftp_config
is there any wrong configuration?
Not: every thing work fine
Re: SMF Records for sftp
1) What SMF 119 record subtypes do you want to collect? (3, 70, 94, 95, 98, ...) ?
If you can not answer this question, then I can not help you.
2) Do this in a z/OS Unix shell on the LPAR that you are using and post the console output:
cd /etc/ssh
ls -al
cat cozsftp_config
cat cozsftp_server_config
cat zos_ssh_config
cat zos_sshd_config
If you can not answer this question, then I can not help you.
2) Do this in a z/OS Unix shell on the LPAR that you are using and post the console output:
cd /etc/ssh
ls -al
cat cozsftp_config
cat cozsftp_server_config
cat zos_ssh_config
cat zos_sshd_config