Kisco Systems
iEventMonitor
iEventMonitor : Support : Frequently Asked Questions

The following is a list of frequently asked questions about iEventMonitor. If you have a question that is not covered here, ask us via E-mail and we'll answer your question.


Register your E-mail address to receive automatic notification when this product is updated.


iEventMonitor Frequently Asked Questions:


How can I perform a full reset of all of the active monitors and watches in iEventMonitor?

Sometimes you may need to do a full reset of the monitors and watches running in iEventMonitor. The recommended way to do this is as follows:

  • Run the command: IEMLIB/ENDIEM
  • Run the IBM command WRKACTJOB and verify that the IEMONITOR subsystem has ended.
  • Run the command: IEMLIB/STRIEM

When the STRIEM command runs and the IEMONITOR subsystem is inactive, a complete reset of all internal settings is done.


When the message queue monitor starts, an existing message does not issue an alert. Is this normal?

Older versions of iEventMonitor would sometimes pickup an outstanding message, but as of release 5.12, iEventMonitor's message queue monitor will only issue alerts on messages that are posted to the monitored message queue after the time when the monitor is started.


I am seeing a signficant increase in system audit journal activity since installing iEventMonitor. Can we control this?

Starting with Release 5.12, iEventMonitor uses an internal IBM i OS exit point for message queue monitoring. This feature of the IBM i OS generates a lot of profile swap activity which can be captured by the system audit journal as Type T, Code JS journal entries. Please see the following link for more of an explanation and a way to configure your system to significantly reduce this extra logging.

CLICK HERE.


How can I move iEventMonitor to another system or partition?

You can transfer iEventMonitor from one system to another by moving the application library named IEMLIB to the new system. Before you load the library on the new system, you will need to run the following series of commands:

CRTUSRPRF USRPRF(IEMONITOR) PASSWORD(*NONE) PWDEXP(*NO) STATUS(*DISABLED) USRCLS(*SECOFR) TEXT('Required user profile for IEM software')

CRTAUTL AUTL(IEMONITOR) TEXT('iEventMonitor Authorization List') AUT(*USE)

CHGAUTLE AUTL(IEMONITOR) USER(*PUBLIC) AUT(*USE)

ADDAUTLE AUTL(IEMONITOR) USER(QSECOFR) AUT(*ALL)

ADDAUTLE AUTL(IEMONITOR) USER(IEMONITOR) AUT(*ALL)

ADDAUTLE AUTL(IEMONITOR) USER(QTMHHTP1) AUT(*ALL)

ADDAUTLE AUTL(IEMONITOR) USER(QTMHHTTP) AUT(*ALL)

After you have loaded the IEMLIB library on the new system, run option #1 on the INSTALL menu. Then, run option #2 on the INSTALL menu to confirm that the software is now installed on trial. If so, you can now use the software in trial mode.

If you decide that you want to license the software on this alternate system, contact Kisco Information Systems for details.


Can we send email through SMTP using a port number other than 25?

Yes!

As installed, iEventMonitor defaults to using the standard port number 25. You can change the port number to a different port number. Before making the change, make sure that all monitors and watches have been stopped (ENDIEM).

The port number being used for outbound SMTP is stored in hexadecimal in positions 796-800 of the data area named IEMCONTROL in library IEMLIB. As shipped from Kisco Information Systems, this is set to X'0000000019' which is the hex equivalent of 25. After all monitors and watches have been stopped, you can change this value.

For example, if you want to change iEventMonitor to use port 24, you would use the following instruction:

CHGDTAARA DTAARA(IEMLIB/IEMCONTROL (796 5)) VALUE(X'0000000018')

After the change has been posted, go to the INSTALL menu in library IEMLIB and use option #12 to send a test email using this new setting. Confirm that the test email is delivered successfully before you resume normal use of the monitors and watches. You can restart everything using the STRIEM command.


We are upgrading our IBM/i OS. Are there any special considerations for iEventMonitor?

If you have implemented the browser option for responding to error messages, IEM Respond, then the answer is yes.

After the upgrade to the new IBM/i OS level has been completed, please run the following two commands on your system:

DLTSRVPGM SRVPGM(IEMLIB/QZHBCGI)
CRTDUPOBJ OBJ(QZHBCGI) FROMLIB(QHTTPSVR) OBJTYPE(*SRVPGM) TOLIB(IEMLIB)

This will reset the browser interface to use the current abilities in the new IBM/i OS levels.


Can we change the graphic at the top of the web page in IEM Respond to show our company logo and name?

Yes!

The graphic file for this is named "header.gif" and it is located the the htdocs folder for the IEVENTMON server instance. You will find this in the www folder off the IFS root directory on your system.

The graphic file is 600 pixels by 60 pixels. We recommend that you keep these dimensions for your own graphic file.

Before you install your own file, make sure that you save the current one by renaming it. This is for your safety should a problem develop and you need to restore the Kisco version of the file. Also, make a note for yourself that any future install of a version upgrade for iEventMonitor will result in the graphic file being reset back to the Kisco version. Make sure that you keep a copy of your new graphic file separate from the server instance objects in the IFS.


IEM Respond uses port#8077. Can we change the port# for our system?

Yes!

You will need to update the HTTP Server Instance on your system. To use a different port#, do the following:

  1. Make sure that the server instance named IEVENTMON is not running on your system.
    ENDTCPSVR SERVER(*HTTP) HTTPSVR(IEVENTMON)
  2. Start the HTTP Server Administration Tool on your system.
    STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
    This process can take up to several minutes on some systems.
  3. Log on to the HTTP Server Admin tool and select the IEVENTMON server instance.
  4. Select the "General Server Configuration" area in the panel on the left hand side of the page.
  5. From this detail, you can change the port number from 8077 to whatever port number that you may want to use.
  6. Note: Some customer may have upgraded the server instance to use HTTPS. If you have done this, you will also need to make a change in port number using the "Security" area in the panel on the left hand side of the page.
  7. Make sure that you apply all changes and then review the changes before you end the Admin session.
  8. Run option #9 on the INSTALL menu in library IEMLIB and update the "IEM Browser Respond IP" to change the port#.
  9. You can now restart the IEVENTMON server instance and start using the feature using the new port number.

We want to use iEventMonitor on our DR system. Are there any special considerations for DR testing?

When you transfer iEventMonitor to a DR site, the software will not work since it is only licensed to run on the system with your registered serial number and partition number. To conduct a DR test, contact Kisco Information Systems support and provide the serial number, partition number and date range for your testing. A temporary code will be provided to you in advance of your test.

If you use the iEventMonitor message queue reminder alerts feature, this will register an exit program on your DR system during your test. When you are done with your test, make sure that you run option #15 on the INSTALL menu in library IEMLIB to remove the exit point registration. Failure to do this may result in unpredictable processing on the DR system when the trial period for your DR test expires.


When we specify reminder alerts for the QSYSOPR message queue, the reminders get issued even after the message was answered. Why?

Some customers may choose to use multiple monitoring software products concurrently. The reminder alert process uses the QIBM_QMH_REPLY_INQ exit point. If another software product has a program already registered to this point, iEventMonitor will not register its own exit program and, as a result, the reminder logic will not work correctly.

You can verify this by running the following command:

WRKREGINF EXITPNT(QIBM_QMH_REPLY_INQ)

Place an 8 next to the displayed exit point to view the program(s) currently registered. If you find a program there in a library other than IRMLIB, then this is why the iEventMonitor reminder is not working correctly.

To correct for this, shut down your message queue monitor in iEventMonitor for the message queue in question. Review the jobs running in the IEMONITOR subsystem and cancel any jobs shown with a job name that starts with REMxxxxxx. Then, run the following command from the command line:

CHGDTAARA DTAARA(IEMLIB/IEMCONTROL (628 4)) VALUE(X'00000002')

This will change iEventMonitor to register its exit program in the second seat for the exit point. Once this change has been made, you can restart the message queue monitor with the reminder option active. If you view the exit point programs again, you will see two programs registered to the exit point.


Can I allow someone without *SECOFR authority use the features of iEventMonitor?

For customers who have Release 2 or later of iEventMonitor installed, this is taken care of by granting permission using option #8 on the INSTALL menu.

The following response applies only to customers with release 1 of iEventMonitor installed.

As shipped from Kisco, iEventMonitor can only be used by someone with *ALLOBJ authority. This is typically a security officer like QSECOFR. You may not want to grant such a high level of authority to someone who legitimately needs to be able to administer iEventMonitor.

In a future release, Kisco will be making this process easier, but for now you can accomplish this by just granting access rights to the library and objects for the specific user in question.

To grant the necessary permission, just run the following two commands, changing the lower case values to the appropriate values for your situation:

GRTOBJAUT OBJ(QSYS/IEMLIB) OBJTYPE(*LIB) USER(myuserid) AUT(*USE)

GRTOBJAUT OBJ(IEMLIB/*ALL) OBJTYPE(*ALL) USER(myuserid) AUT(*USE)

Once this has been done, then the user specified will be able to use the software. If you have several users where you want to set this up, consider creating a group profile and assigning them all to the group. If they are already part of a group, a supplemental group will also work.


Can I use iEventMonitor to check for user profiles that become disabled?

Yes, you can.

When a user profile becomes disabled, the IBM i OS sends a status message to the special message queue named QSYSMSG in library QSYS. If your system does not have this message queue, you can create it as it is a user optional message queue. To create it, use the following command:

CRTMSGQ MSGQ(QSYS/QSYSMSG) TEXT('System Security Message Queue')

Once the message queue has been created, set up a monitor for it in iEventMonitor and check for all messages from severity level zero and higher. All important security events will be reported to this message queue including user profiles that become disabled due to using incorrect passwords too many times.


After an IPL, the Watch Tasks that I set are no longer active. How can I restart them automatically?

Watch tasks end when you do an IPL or when you bring your system into restricted state. Following either of these events, they need to be restarted. You can do this, for both situations, by updating your system startup up program (system value QSTRUPPGM). In your startup program, you will need to add the following command:

IEMLIB/STRIEM

This will restart all monitors and watches that were running when the IPL was performed.


Can I send an alert as a text message to my smartphone?

Yes!

Check with your cell phone provider to find out the email address format that you should use and then just configure iEventMonitor to use that email address. For example, we use Verizon Wireless here at Kisco Information Systems. Verizon supports sending an email to a Verizon Wireless smartphone by using the email address format of: [areacode+phonenumber]@vtext.com. If your phone number is 518-555-1111, then the email address at Verizon Wireless would be "5185551111@vtext.com". Just use this email address in iEventMonitor and you will get a text message for the alert notification.

Here are the email to text formats currently available for the most common cell carriers available in the USA:

VERIZON: phonenumber@vtext.com
AT&T: phonenumber@txt.att.net
SPRINT: phonenumber@messaging.sprintpcs.com
SPRINT-NEXTEL: phonenumber@messaging.nextel.com
T-MOBILE: phonenumber@tmomail.net
CELLULAR ONE: phonenumbermobile@celloneusa.com
BOOST MOBILE: phonenumber@myboostmobile.com
CRICKET: phonenumber@sms.mycricket.com
US CELLULAR: phonenumber@email.uscc.net
VIRGIN MOBILE: phonenumber@vmobl.com
METROPCS: phonenumber@mymetropcs.com
REPUBLIC WIRELESS: phonenumber@text.republicwireless.com
TING: phonenumber@message.ting.com

Can I code my own alerts?

Absolutely!

iEventMonitor includes a built-in command that you can call from your own applications to issue alerts using the methods and delivery implemented by iEventMonitor.