Skip to Main Content
IBM Power Ideas Portal

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

Start by posting ideas and requests to this portal to enhance a Power product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas and add comments to ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The Power teams will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.


Specific link you will want to bookmark for future use

IBM Unified Ideas Portal - https://ideas.ibm.com/ - Use this site to create or search for existing Ideas across all IBM products that are outside of Power, and track all of your personal interactions with all Ideas.

Status Future consideration
Workspace IBM i
Created by Guest
Created on Nov 2, 2021

Additional Audit entries for Netserver authentication and access

Would like to have additional Netserver authentication, connection and IFS file access events posted to QAUDJRN.


Use Case:

Our company uses several IFS shares and would like a reliable way of capturing Netserver authentication, connection and IFS file access information on a continuous basis. I attempted to use the QAUDJRN's VC & VN entries but found that that the entries are no longer written to the audit journal. I know we can query QAUDJRN for OM entries for IFS file access/changes but it would be nice to have all these types of events under a Netserver or IFS auditing group.

I was able to use this query to capture IP connection information for SMB ports:
SELECT CONNECTION_TYPE, REMOTE_ADDRESS,
LOCAL_ADDRESS, lOCAL_PORT, PROTOCOL, TCP_STATE, IDLE_TIME

FROM QSYS2.NETSTAT_INFO
WHERE LOCAL_PORT IN ('139','445')

Also, the GO NETS option 15 gives us the information we need; however, it is purely interactive and doesn't allow us to create an outfile or spoolfile. Capturing these events for syslog RFC format would be a plus.


Idea priority Medium
  • Guest
    Mar 17, 2022

    One piece of information that would also be helpful if this request becomes a reality, is the share name being used. While it can currently be obtained for current sessions, we need to find a way to report share names that are being used. This would allow us to clean up unused or infrequently used shares, and also determine who is using R/W shares to see if they could be moved to use shares with more specific paths. Periodically capturing the shares in use is cumbersome and could easily miss some that are just used for brief periods. By adding this information to a journal entry when the connection is made would allow for easy reporting of the shares in use.

  • Guest
    Jan 19, 2022

    Hello,

    When considering this, may I politely ask you to also have a look at the "Unknown User Attempts". They are registered when viewing the IBM i Netserver status.

    We have people asking us where they come from and to monitor this 24/7. Today that can only be done on IBM i with a communication trace, but that was not designed for 24/7 monitoring if you ask me.

    Greetings Rudi

  • Guest
    Jan 18, 2022

    See also:
    https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=153784

  • Guest
    Dec 16, 2021

    The CEAC has reviewed this requirement and recommends that IBM view this as a MEDIUM priority requirement that should be addressed.

    Background: The COMMON Europe Advisory Council (CEAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CEAC has a crucial role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community and has therefore reviewed your RFE.

    To find out how CEAC help to shape the future of IBM i, see CEAC @ ibm.biz/BdYSYj and the article "The Five Hottest IBM i RFEs Of The Quarter" at ibm.biz/BdYSZT

    Therese Eaton – CEAC Program Manager, IBM

  • Guest
    Nov 4, 2021

    Thank you for submitting this request. We do understand the request. The needs to secure and monitor the system are ever-evolving and we strive to provide the means to provide these capabilities as we are able to.

    We will consider this request as we prioritize our future work.

  • Guest
    Nov 3, 2021

    GO NETS option 15 information is available via API QZLSLSTI format ZLSL0300/ZLSL0600.

    You could write a UDT so it is accessible with SQL.