The following is a list of frequently asked questions about iEventMonitor. If you have a question that is not covered here, ask us via E-mail and we'll answer your question.
iEventMonitor Frequently Asked Questions:
Sometimes you may need to do a full reset of the monitors and watches running in iEventMonitor. The recommended way to do this is as follows:
When the STRIEM command runs and the IEMONITOR subsystem is inactive, a complete reset of all internal settings is done.
Older versions of iEventMonitor would sometimes pickup an outstanding message, but as of release 5.12, iEventMonitor's message queue monitor will only issue alerts on messages that are posted to the monitored message queue after the time when the monitor is started.
Starting with Release 5.12, iEventMonitor uses an internal IBM i OS exit point for message queue monitoring. This feature of the IBM i OS generates a lot of profile swap activity which can be captured by the system audit journal as Type T, Code JS journal entries. Please see the following link for more of an explanation and a way to configure your system to significantly reduce this extra logging.
You can transfer iEventMonitor from one system to another by moving the application library named IEMLIB to the new system. Before you load the library on the new system, you will need to run the following series of commands:
CRTUSRPRF USRPRF(IEMONITOR) PASSWORD(*NONE) PWDEXP(*NO) STATUS(*DISABLED) USRCLS(*SECOFR) TEXT('Required user profile for IEM software')
CRTAUTL AUTL(IEMONITOR) TEXT('iEventMonitor Authorization List') AUT(*USE)
CHGAUTLE AUTL(IEMONITOR) USER(*PUBLIC) AUT(*USE)
ADDAUTLE AUTL(IEMONITOR) USER(QSECOFR) AUT(*ALL)
ADDAUTLE AUTL(IEMONITOR) USER(IEMONITOR) AUT(*ALL)
ADDAUTLE AUTL(IEMONITOR) USER(QTMHHTP1) AUT(*ALL)
ADDAUTLE AUTL(IEMONITOR) USER(QTMHHTTP) AUT(*ALL)
After you have loaded the IEMLIB library on the new system, run option #1 on the INSTALL menu. Then, run option #2 on the INSTALL menu to confirm that the software is now installed on trial. If so, you can now use the software in trial mode.
If you decide that you want to license the software on this alternate system, contact Kisco Information Systems for details.
As installed, iEventMonitor defaults to using the standard port number 25. You can change the port number to a different port number. Before making the change, make sure that all monitors and watches have been stopped (ENDIEM).
The port number being used for outbound SMTP is stored in hexadecimal in positions 796-800 of the data area named IEMCONTROL in library IEMLIB. As shipped from Kisco Information Systems, this is set to X'0000000019' which is the hex equivalent of 25. After all monitors and watches have been stopped, you can change this value.
For example, if you want to change iEventMonitor to use port 24, you would use the following instruction:
CHGDTAARA DTAARA(IEMLIB/IEMCONTROL (796 5)) VALUE(X'0000000018')
After the change has been posted, go to the INSTALL menu in library IEMLIB and use option #12 to send a test email using this new setting. Confirm that the test email is delivered successfully before you resume normal use of the monitors and watches. You can restart everything using the STRIEM command.
If you have implemented the browser option for responding to error messages, IEM Respond, then the answer is yes.
After the upgrade to the new IBM/i OS level has been completed, please run the following two commands on your system:
CRTDUPOBJ OBJ(QZHBCGI) FROMLIB(QHTTPSVR) OBJTYPE(*SRVPGM) TOLIB(IEMLIB)
This will reset the browser interface to use the current abilities in the new IBM/i OS levels.
The graphic file for this is named "header.gif" and it is located the the htdocs folder for the IEVENTMON server instance. You will find this in the www folder off the IFS root directory on your system.
The graphic file is 600 pixels by 60 pixels. We recommend that you keep these dimensions for your own graphic file.
Before you install your own file, make sure that you save the current one by renaming it. This is for your safety should a problem develop and you need to restore the Kisco version of the file. Also, make a note for yourself that any future install of a version upgrade for iEventMonitor will result in the graphic file being reset back to the Kisco version. Make sure that you keep a copy of your new graphic file separate from the server instance objects in the IFS.
You will need to update the HTTP Server Instance on your system. To use a different port#, do the following:
ENDTCPSVR SERVER(*HTTP) HTTPSVR(IEVENTMON)
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)This process can take up to several minutes on some systems.
When you transfer iEventMonitor to a DR site, the software will not work since it is only licensed to run on the system with your registered serial number and partition number. To conduct a DR test, contact Kisco Information Systems support and provide the serial number, partition number and date range for your testing. A temporary code will be provided to you in advance of your test.
If you use the iEventMonitor message queue reminder alerts feature, this will register an exit program on your DR system during your test. When you are done with your test, make sure that you run option #15 on the INSTALL menu in library IEMLIB to remove the exit point registration. Failure to do this may result in unpredictable processing on the DR system when the trial period for your DR test expires.
Some customers may choose to use multiple monitoring software products concurrently. The reminder alert process uses the QIBM_QMH_REPLY_INQ exit point. If another software product has a program already registered to this point, iEventMonitor will not register its own exit program and, as a result, the reminder logic will not work correctly.
You can verify this by running the following command:
Place an 8 next to the displayed exit point to view the program(s) currently registered. If you find a program there in a library other than IRMLIB, then this is why the iEventMonitor reminder is not working correctly.
To correct for this, shut down your message queue monitor in iEventMonitor for the message queue in question. Review the jobs running in the IEMONITOR subsystem and cancel any jobs shown with a job name that starts with REMxxxxxx. Then, run the following command from the command line:
CHGDTAARA DTAARA(IEMLIB/IEMCONTROL (628 4)) VALUE(X'00000002')
This will change iEventMonitor to register its exit program in the second seat for the exit point. Once this change has been made, you can restart the message queue monitor with the reminder option active. If you view the exit point programs again, you will see two programs registered to the exit point.
For customers who have Release 2 or later of iEventMonitor installed, this is taken care of by granting permission using option #8 on the INSTALL menu.
The following response applies only to customers with release 1 of iEventMonitor installed.
As shipped from Kisco, iEventMonitor can only be used by someone with *ALLOBJ authority. This is typically a security officer like QSECOFR. You may not want to grant such a high level of authority to someone who legitimately needs to be able to administer iEventMonitor.
In a future release, Kisco will be making this process easier, but for now you can accomplish this by just granting access rights to the library and objects for the specific user in question.
To grant the necessary permission, just run the following two commands, changing the lower case values to the appropriate values for your situation:
GRTOBJAUT OBJ(QSYS/IEMLIB) OBJTYPE(*LIB) USER(myuserid) AUT(*USE)
GRTOBJAUT OBJ(IEMLIB/*ALL) OBJTYPE(*ALL) USER(myuserid) AUT(*USE)
Once this has been done, then the user specified will be able to use the software. If you have several users where you want to set this up, consider creating a group profile and assigning them all to the group. If they are already part of a group, a supplemental group will also work.
Yes, you can.
When a user profile becomes disabled, the IBM i OS sends a status message to the special message queue named QSYSMSG in library QSYS. If your system does not have this message queue, you can create it as it is a user optional message queue. To create it, use the following command:
CRTMSGQ MSGQ(QSYS/QSYSMSG) TEXT('System Security Message Queue')
Once the message queue has been created, set up a monitor for it in iEventMonitor and check for all messages from severity level zero and higher. All important security events will be reported to this message queue including user profiles that become disabled due to using incorrect passwords too many times.
Watch tasks end when you do an IPL or when you bring your system into restricted state. Following either of these events, they need to be restarted. You can do this, for both situations, by updating your system startup up program (system value QSTRUPPGM). In your startup program, you will need to add the following command:
This will restart all monitors and watches that were running when the IPL was performed.
Check with your cell phone provider to find out the email address format that you should use and then just configure iEventMonitor to use that email address. For example, we use Verizon Wireless here at Kisco Information Systems. Verizon supports sending an email to a Verizon Wireless smartphone by using the email address format of: [areacode+phonenumber]@vtext.com. If your phone number is 518-555-1111, then the email address at Verizon Wireless would be "email@example.com". Just use this email address in iEventMonitor and you will get a text message for the alert notification.
Here are the email to text formats currently available for the most common cell carriers available in the USA:
CELLULAR ONE: firstname.lastname@example.org
BOOST MOBILE: email@example.com
US CELLULAR: firstname.lastname@example.org
VIRGIN MOBILE: email@example.com
REPUBLIC WIRELESS: firstname.lastname@example.org
iEventMonitor includes a built-in command that you can call from your own applications to issue alerts using the methods and delivery implemented by iEventMonitor.