A fix is available
APAR status
Closed as program error.
Error description
Activating Alert 1124 causes unnecessary processing of SMF records. Many of the SMF type 119 records are not needed for Alert processing, and the quantity currently processed causes performance degradation.
Local fix
Disable Alert 1124
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Alert exploiting predefined * * alert IDs 1124 and 1125. * **************************************************************** * PROBLEM DESCRIPTION: zSecure Alert might consume an * * excessive amount of CPU time in cases * * where predefined alert IDs 1124 (Logon * * from a not allowed IP address) and 1125 * * (Password spraying attack) are * * activated. * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** When predefined alert IDs 1124 (Logon from a not allowed IP address) and 1125 (Password spraying attack) are activated, the zSecure Alert started task might consume an excessive amount of CPU time as it processes all sub-types of SMF records 119 generated by z/OS Communications Server.
Problem conclusion
zSecure Alert has been modified, so that it does not consume an excessive amount of CPU time in cases where predefined SMF alerts IDs 1124 (Logon from a not allowed IP address) and 1125 (Password spraying attack) are activated
Temporary fix
Comments
APAR Information
APAR number
OA65463
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
240
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-09-04
Closed date
2023-11-21
Last modified date
2023-12-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ94139 UJ94140 UJ94141
Modules/Macros
C2P3ZAW C2PACMON C2PCKFAD C2PCKFCB C2PCKFCL C2PCLEAN C2PCOLLP C2PENFRT C2PENFXR C2PENVLP C2PESTAE C2PFX2PC C2PIDACF C2PINIT C2PIORTN C2POLICE C2PP3ZA4 C2PPARSE C2PPRSRC C2PRACRT C2PRCX02 C2PRCY02 C2PRDX02 C2PRDY02 C2PRFX04 C2PRFY04 C2PRIX02 C2PRIY02 C2PRPTHR C2PRPTIN C2PRPTMN C2PRPTRT C2PRTY00 C2PSMF86 C2PSMFPC C2PSMFRT C2PSMFU8 C2PUSC01 C2PUSC02 C2PUSC03 C2PUSCPC C2PUSCRT C2PWTORT CKQEXSMF CKQIO2PC CKQIOPC CKRA11 CKXINIT
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R240 PSY UJ94141
UP23/11/22 P F311
R250 PSY UJ94140
UP23/11/22 P F311
R310 PSY UJ94139
UP23/11/22 P F311
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
04 December 2023