How can I monitor SFTP activity running through OpenSSH?
search cancel

How can I monitor SFTP activity running through OpenSSH?

book

Article ID: 49856

calendar_today

Updated On:

Products

CMDB for z/OS NetSpy Network Performance NetMaster Network Automation SOLVE NetMaster Network Management for SNA NetMaster Network Management for TCP/IP NetMaster File Transfer Management SOLVE:Operations Automation SOLVE:Access Session Management SOLVE:FTS

Issue/Introduction

How to configure monitoring of SFTP activity that runs through OpenSSH

 

Environment

Release:
Component: NMTIP

Resolution

As of r12.0, Netmaster for TCP/IP cannot monitor OpenSSH as FTP; it is possible to get the connection information.

Therefore, you will not be able to view dataset information.

When you go to /IPHIST, you will find the records under Connections, not under FTP Events.

By default, OpenSSH uses port 22. If you have configured a different port in for use in your environment, change the instructions below to match your definitions.

  1. In the IP monitor, create an OPENSSH ASMON if it has not already been discovered and configure it to monitor port 22.

  2. To see all records in the IP History, you need two entries, the same as you would for FTP. The reason for this is that inbound SFTP will use port 22 in OpenSSH while outbound SFTP will use the port 22 on whatever remote is also supporting SFTP. This will give you the full picture of all connections through OpenSSH.

Example for /IPAPPLS definitions:

Define local port for SFTP inbound from the network to the Mainframe
 
Application Name Entry
  Order .................... 20100
  Application Name Base .... SSHL
 
Connection Match Criteria
  Application Jobname ......
  TCP/IP Stack Jobname .....
  Local Port Range ......... 22-22
  Remote Address Range .....
  Remote Port Range ........
 
Processing Options
  Generate Name ............ ASIS
  Deliver Records .......... BOTH
  Write INIT Records ....... WRITE
  Write TERM Records ....... WRITE
  Collect Statistics? ...... YES
  Expiry Period (minutes)    60
 
Define remote port for SFTP outbound from the Mainframe to the network 
 
      Application Name Entry
  Order .................... 20110
  Application Name Base .... SSHR
  
Connection Match Criteria
  Application Jobname ......
  TCP/IP Stack Jobname .....
  Local Port Range .........
  Remote Address Range .....
  Remote Port Range ........ 22-22
 
Processing Options
  Generate Name ............ ASIS
  Deliver Records .......... BOTH
  Write INIT Records ....... WRITE
  Write TERM Records ....... WRITE
  Collect Statistics? ...... YES
  Expiry Period (minutes)    60
Powered by Wolken Software