Add Alert (ADDCCALR)

The ADDCCALR command allows an authorized user to add a new Security Alert. 

NOTE: Any maintenance to the Security Alerts is logged into an audit file.

The following users can use this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer that has *YES specified for the “Maintain key policy and alerts” authority setting

Do the following steps to add an Alert:

  1. Prompt (F4) the command CRYPTO/ADDCCALR.
  2. Press F1 on any parameter for complete online help text.
  3. Press Enter after the parameter values are entered.

Field Descriptions

Audit category Indicate the audit category to monitor.  Valid categories are:
*ALL All categories
*ALERT Any maintenance activities for Security Alerts
*AUTH Any authority errors encountered in Powertech Encryption for IBM i
*DEK Any maintenance activities for Data Encryption Keys
*EKMGR Any maintenance to the External Key Manager entries, along with any connection issues to the External Key Manager, will trigger an alert. This includes the following audit types:

  • 42-Entry added
  • 43-Entry changed
  • 44-Entry removed
  • 45-Connection failed
*FLDREG Any maintenance activities for Field Registry Entries
*IFSREG Any maintenance activities for IFS Registry Entries
*KEYOFR Any maintenance activities for Key Officer settings
*KEYPCY Any maintenance activities for Key Policy settings
*MEK Any maintenance activities for Master Encryption Keys

 

Sequence number Indicate the sequence number from 1-999.  This allows you to have multiple alerts sent out for each Audit Category.
Action Indicate the action to perform.  Valid actions are:
*EMAIL Send email to one or more recipients using the SNDDST command.
*MSGQBRK Send break messages to a specified message queue using the SNDBRKMSG command.
*MSGQINF Send messages to a specified message queue using the SNDMSG command.
*QAUDJRN Write journal entries into the QAUDJRN journal file.
*PTGLOG Send log messages to the Protegrity Defiance Enterprise Security Administrator (ESA).
*QHST Send messages to the QHST log using the SNDMSG command.
*QSYSOPR Send messages to QSYSOPR using the SNDMSG command.
*SYSLOG Send messages to an external log server using SYSLOG protocol.
*USER Send messages to a User using the SNDMSG command.

 

To email address If the Action is *EMAIL, then specify one or more email addresses to notify.  Multiple email addresses should be separated by a comma. For instance: jsmith@abc.com,mlight@abc.com,kdodd@abc.com
To user profile If the Action is *USER, then specify the name of the User Profile to send the message to.
To message queue name Library If the Action is *MSGQBRK or *MSGQINF, then specify the name and library of the Message Queue to send the message to.
Log host If the Action is *SYSLOG or *PTGLOG, then specify the host name or IP address of the log server.
Log source port Valid for *SYSLOG action type. Specify the local port to use when connecting to the log server. The default syslog port is 514.
NOTE: When the local port is set to 0, the system will search for an available local port to use.
Log destination port Valid for *SYSLOG and *PTGLOG action types.  Specify the port for the log server. The default port for syslog servers is 514.
NOTE: If a Security Alert fails, then a message will be sent to QSYSOPR and an entry will be placed in the audit log file.
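To confirm on the log host that a *SYSLOG alert arrives from the expected system and local port, a small receiver-side check can be used. The following is an added example, not part of the product or its documentation; it assumes UDP transport and a leading RFC 3164-style <PRI> field (the page states neither), and the function names, addresses and sample datagram are constructed for illustration.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity) from a leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return divmod(pri, 8)

def check_alert(datagram, peer, expected_host, expected_src_port):
    """Classify one received datagram against the alert's configured sender.

    expected_src_port mirrors the "Log source port" field: 0 means the
    sending system picks any available local port, so it cannot be checked.
    """
    host, port = peer
    if host != expected_host:
        return "reject: unexpected host"
    if expected_src_port != 0 and port != expected_src_port:
        return "reject: unexpected source port"
    if parse_pri(datagram) is None:
        return "reject: no syslog PRI"
    return "accept"

def listen(bind_addr, dest_port, expected_host, expected_src_port):
    """Print a verdict for each datagram arriving on the log destination port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, dest_port))
        while True:
            data, peer = s.recvfrom(4096)
            print(check_alert(data, peer, expected_host, expected_src_port), peer, data[:120])

# Constructed sample datagram (assumed format, not real product output).
SAMPLE = b"<133>constructed alert text"

if __name__ == "__main__":
    print(check_alert(SAMPLE, ("192.0.2.10", 514), "192.0.2.10", 514))    # fixed source port
    print(check_alert(SAMPLE, ("192.0.2.10", 40000), "192.0.2.10", 0))    # source port 0 = any
    print(check_alert(SAMPLE, ("192.0.2.99", 514), "192.0.2.10", 514))    # wrong sender
```

Source address and port are not authenticated over UDP, so this serves as a delivery test and a coarse filter rather than proof of origin.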

Email Alerts

If you would like to send Alerts through email using the IBM i SMTP server, then you need to make sure that your system is configured properly.  Example steps:

  1. Run the following command:
    ADDDIRE USRID(INTERNET GATEWAY) USRD('Allow SNDDST to send INTERNET Mail') SYSNAME(INTERNET) MSFSRVLVL(*USRIDX) PREFADR(NETUSRID *IBM ATCONTXT)
  2. Change the mail distribution attributes by running the following command:
    CHGDSTA SMTPRTE(INTERNET GATEWAY)
  3. A directory entry is required for each user that may potentially send email (using the SNDDST command) as a Security Alert.  Example:
    ADDDIRE USRID(USERNAME SYSTEMNAME) USRD('User name') USER(USERNAME)
  4. Run the SNDDST command to send a test email, and then verify that it was received.  Example:
    SNDDST TYPE(*LMSG) TOINTNET(username@abc.com) DSTD('Test Email Subject') LONGMSG('Test Message Text') SUBJECT(*DOCD)
NOTE: Consult with your IBM i administrator before making any changes.