Is there a way within TPX to trace the origin of a logon attempt?

search cancel

Is there a way within TPX to trace the origin of a logon attempt?

book

Article ID: 11216

calendar_today

Updated On:

Products

TPX - Session Management Vman Session Management for z/OS

Issue/Introduction

ACF2 reports are showing logon attempts by invalid userids using TPX as the source.

Example ACF2 LOGINS:

14:44:51      08.086 03/26 15.25 name name P-TPX termid * 4 system       
              08.086 03/26 15.27 name name P-TPX termid * 4 system

Is there a way within TPX to trace the origin of the logon attempt?

Environment

Release: 5.4
Component: TPX for Z/OS

Resolution

Use the Post-security call point of the TPXUSNSF Signon/Signoff exit to write a message containing the USERID and Terminal-ID to the TPX LOG, by using the LOGMSG macro.

It would capture the USERID and TERMID.
If IP address is needed, there is a variable (IPADDR) which contains that value. Code a TPXVGET macro for this.

Additional Information

TPX 5.4 Programming Guide - Signon and Signoff Exit

Feedback

thumb_up Yes

thumb_down No