IBM Power Ideas Portal
Hide about this portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Under review
Workspace IBM i
Categories Security
Created by Guest
Created on Jun 8, 2024

RELATED IDEAS

Provide ability to control SSL counters (in SST) from OS command line using an API

See this idea on ideas.ibm.com

We are running v7r4 and find the SSL counters that are available within SST very useful. A challenge we face is that due to our a weekly system interruption for full system save and IPL, these counters are disabled and get reset. It would desirable if an option were available to set the counters to be a) reset at IPL or b) persistent and survive an IPL, plus also it was be highly convenient if there could either an option (or system value) to have the counters restart automatically after IPL. If that isn't possible, perhaps provide an OS command or program API that would allow us to auto-start the counters, for example during our startup (QSTRUPJD) process. We want to track TLS protocol level + cipher counters week-by-week and the challenge is remembering to manually enter SST each Friday to record the connection counts and then on the next Monday we again have to remember to manually to into SST to re-enable the counters.

So, to summarize, the ask is:

a) option to have [reset/persistent] counters when an IPL happens

b) ability somehow to have counters auto-started at IPL

c) OS level command/API or other form of control, so as not to have to go into SST.

If any of these could be possible, it would provide progress in the right direction.

Thank you

Phil Howells

Australia

Idea priority High
  • Guest
    Reply
    |     Apr 4, 2025

    Hi Phil,

    Without wanting to preclude IBM from following up on your [good] Idea, the following may help to automate re-enabling the TLS connection counters after an IPL. Without having to run STRSST and the Advanced Analysis option.

    A prerequisite is to install QMGTOOLS, if you haven't already. And regularly check for QMGTOOLS updates. 
    https://www.ibm.com/support/pages/qmgtools-must-gather-data-collector-users-guide

    https://www.ibm.com/support/pages/mustgather-how-obtain-and-install-qmgtools-and-keep-it-current

    Alternatively go to https://public.dhe.ibm.com/services/us/igsc/has/. At the bottom of the list there are a bunch of QMGTOOL savf links for the various IBM i releases. It also includes a handy changelog text file.

    QMGTOOLS provides many options, many with a corresponding command that can be run direct from an OS command line or in batch. 
    The one you will be interested in is the command RUNAA2. This can be run via the QMGTOOLS menu (GO MG), option 9. Misc tools, options 18. Run AA macros 2.  Or run from the OS command line or in batch. 
    Most commands also have Help information, with the Extended help usually providing a URL that provides more detail about a command.

    We use RUNAA2 for the same purpose to monitor TLS connections.   
    Notes:
    - RUNAA2 has the parameter OUTPUT that defaults to *PRINT. 
     We found that the *DISPLAY value doesn't actually send the output to a display but does create a spool file. Something I have been meaning to report to IBM QMGTOOLS support. 
     The value *PF is also handy, defaulting to the output file QTEMP/SSTDUMPS. 
    -RUNAA2 won't resolve the counters being reset by an IPL, but running the command just before an IPL with the output to *PF may help to automatically record the counters' amounts.      
    -Each time you run RUNAA2 it updates file QTEMP/DISPLAY that is basically a log.  

    Enable TLS counters: 
    QMGTOOLS/RUNAA2 OS400USR(User_profile) OS400PWD(os_password) OS400PWD2(os_password) SSTUSR(User_Profile) SSTPWD(sst_password) SSTPWD2(sst_password) AAMACRO1(TLSCONFIG) AAOPT1('-connectionCounts:enable')    

    Display TLS counters: 
    QMGTOOLS/RUNAA2 OS400USR(User_profile) OS400PWD(os_password) OS400PWD2(os_password) SSTUSR(User_Profile) SSTPWD(sst_password) SSTPWD2(sst_password) AAMACRO1(TLSCONFIG) AAOPT1('-connectionCounts:display')    

    Disable TLS counters: 
    QMGTOOLS/RUNAA2 OS400USR(User_profile) OS400PWD(os_password) OS400PWD2(os_password) SSTUSR(User_Profile) SSTPWD(sst_password) SSTPWD2(sst_password) AAMACRO1(TLSCONFIG) AAOPT1('-connectionCounts:disable')    

    Reset TLS counters: 
    QMGTOOLS/RUNAA2 OS400USR(User_profile) OS400PWD(os_password) OS400PWD2(os_password) SSTUSR(User_Profile) SSTPWD(sst_password) SSTPWD2(sst_password) AAMACRO1(TLSCONFIG) AAOPT1('-connectionCounts:reset')    

    As part of the audit we also enabled the generation of audit journal entries (T SK) for TLS connections. Let me know if this is of interest to you.  

    Hope this helps you. 

    Regards,

    Jozsef Torok
    New Zealand

  • Guest
    Reply
    |     Jul 9, 2024
    IBM has received your Idea and is evaluating it. IBM will provide a response after evaluation is complete.

    IBM Power Systems Development

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.