Skip to Main Content
IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Workspace IBM i
Categories Networking
Created by Guest
Created on Oct 5, 2022

Capture MAC address in QAUDJRN with QAUDLVL *NETSCK

The *NETSCK audit level already provide information about socket connections made to the IBM i server, which includes from-and-to-IP-addresses. However, it does not capture the MAC address from where the socket request comes from. The reason why this will add value, is that in an environment whereby everybody links to the server via DHCP, the IP address cannot be used as a means to track that a specific user profile logged in to an IBM i session, from a specific PC, since the IP might change again. Collecting the MAC address will provide visibility as to which PC/Laptop a specific user was logged onto. The idea behind this visibility is that, from an audit point of view, I would like to see if there was a connection from a specific computer, for a specific user profile. I can probably build an exit program that can collect that information, but an auditor might reject the evidence, if it was not collected by a system process.

Idea priority Low
  • Guest
    Reply
    |
    Oct 18, 2022
    Thank you for taking the time to submit your Idea. While we see the benefit of having the client's MAC address logged for incoming connections, the only way that the MAC address would be for the PC connecting is if it was on a local network. The MAC address does not flow end-to-end through the network, so if the connecting PC is not on the local network, the sender's MAC address that the IBM i server would see is for the local router. In order to map the IP to a MAC address, it would require information from the DHCP server logs to do the mapping over time and the DHCP server is not necessarily even on the local system. For these reasons we are declining the request.

    IBM Power Systems Development