GSKSRVR trace
Ok, I'm hopelessly ignorant about z/OS tracing, so please don't laugh (too hard). I'm trying to follow the instructions on https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.gska100/sssl2dia1023728.htm to learn about SSL tracing. Yes, this is a test system. I copied the GSK.SGSKSAMP(GSKWTR) member to the PROCLIB and customized it: //GSKWTR PROC //IEFPROC EXEC PGM=ITTTRCWR,REGION=32M //TRCOUT01 DD DSN=PHS.GSK.TRACE1,DISP=(NEW,CATLG), //SPACE=(CYL,(10)),UNIT=SYSDA Then I issued: TRACE CT,WTRSTART=GSKWTR which got: ITT038I ALL OF THE TRANSACTIONS REQUESTED VIA THE TRACE CT COMMAND WERE SUCCESSFULLY EXECUTED. IEE839I ST=(ON,0001M,4M) AS=ON BR=OFF EX=ON MO=OFF MT=(ON,064K) 451 ISSUE DISPLAY TRACE CMD FOR SYSTEM AND COMPONENT TRACE STATUS ISSUE DISPLAY TRACE,TT CMD FOR TRANSACTION TRACE STATUS IEF196I 1 //GSKWTR JOB MSGLEVEL=1 IEF196I 2 //STARTING EXEC GSKWTR IEF196I STMT NO. MESSAGE IEF196I 2 IEFC001I PROCEDURE GSKWTR WAS EXPANDED USING SYSTEM IEF196I LIBRARY VENDOR.PROCLIB IEF196I 3 XXGSKWTR PROC IEF196I 4 XXIEFPROC EXEC PGM=ITTTRCWR,REGION=32M IEF196I 5 XXTRCOUT01 DD DSN=PHS.GSK.TRACE1,DISP=(NEW,CATLG), IEF196I XXSPACE=(CYL,(10)),UNIT=SYSDA IEF196I IEF236I ALLOC. FOR GSKWTR GSKWTR IEF196I IGD100I 0D39 ALLOCATED TO DDNAME TRCOUT01 DATACLAS () IEF196I AHL906I THE OUTPUT BLOCK SIZE OF27998 WILL BE USED FOR IEF196I OUTPUT IEF196I DATA SETS: IEF196I PHS.GSK.TRACE1 AHL906I THE OUTPUT BLOCK SIZE OF27998 WILL BE USED FOR OUTPUT 463 DATA SETS: PHS.GSK.TRACE1 ITT110I INITIALIZATION OF CTRACE WRITER GSKWTR COMPLETE. So far so good. Then I issue: TRACE CT,ON,COMP=GSKSRVR and I get: ITT001I TRACE COMP=GSKSRVR 472 IS NOT DEFINED. ITT038I NONE OF THE TRANSACTIONS REQUESTED VIA THE TRACE CT COMMAND WERE SUCCESSFULLY EXECUTED. IEE839I ST=(ON,0001M,4M) AS=ON BR=OFF EX=ON MO=OFF MT=(ON,064K) 474 ISSUE DISPLAY TRACE CMD FOR SYSTEM AND COMPONENT TRACE STATUS ISSUE DISPLAY TRACE,TT CMD FOR TRANSACTION TRACE STATUS OK, I'm missing something basic (and probably obvious). Any idea what? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
I think you have to start the GSKSRVR first before starting the GSK writer. We had to do an SSL trace per IBM's request and the following was the process they gave to us. Note, this was for a CICS trace so your reply may be different. 1) Start the GSKSRVR started task: S GSKSRVR 2) Start the trace writer proc with the console command: TRACE CT,WTRSTART=GSKWTR 3) Start SSL CTRACE with the console command: TRACE CT,ON,COMP=GSKSRVR 4) Reply to the outstanding reply: (yourjob is the name of the CICS region to be traced) R xx,JOBNAME=(yourjob),OPTIONS=(LEVEL=255),WTR=GSKWTR,END 4a) D TRACE,COMP=GSKSRVR,SUB=(jobname) to verify trace is active 4b) Refresh the SSL environment using CEMT PERFORM SSL REBUILD 5) Establish a connection to CICS 6) Stop SSL CTRACE with the console command: TRACE CT,OFF,COMP=GSKSRVR 7) Stop the trace writer proc with the console command: TRACE CT,WTRSTOP=GSKWTR,FLUSH 8) Stop the GSKSRVR started task: P GSKSRVR -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage)) Sent: Friday, August 18, 2017 6:46 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: GSKSRVR trace Ok, I'm hopelessly ignorant about z/OS tracing, so please don't laugh (too hard). I'm trying to follow the instructions on https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.gska100/sssl2dia1023728.htm to learn about SSL tracing. Yes, this is a test system. I copied the GSK.SGSKSAMP(GSKWTR) member to the PROCLIB and customized it: //GSKWTR PROC //IEFPROC EXEC PGM=ITTTRCWR,REGION=32M //TRCOUT01 DD DSN=PHS.GSK.TRACE1,DISP=(NEW,CATLG), //SPACE=(CYL,(10)),UNIT=SYSDA Then I issued: TRACE CT,WTRSTART=GSKWTR which got: ITT038I ALL OF THE TRANSACTIONS REQUESTED VIA THE TRACE CT COMMAND WERE SUCCESSFULLY EXECUTED. IEE839I ST=(ON,0001M,4M) AS=ON BR=OFF EX=ON MO=OFF MT=(ON,064K) 451 ISSUE DISPLAY TRACE CMD FOR SYSTEM AND COMPONENT TRACE STATUS ISSUE DISPLAY TRACE,TT CMD FOR TRANSACTION TRACE STATUS IEF196I 1 //GSKWTR JOB MSGLEVEL=1 IEF196I 2 //STARTING EXEC GSKWTR IEF196I STMT NO. MESSAGE IEF196I 2 IEFC001I PROCEDURE GSKWTR WAS EXPANDED USING SYSTEM IEF196I LIBRARY VENDOR.PROCLIB IEF196I 3 XXGSKWTR PROC IEF196I 4 XXIEFPROC EXEC PGM=ITTTRCWR,REGION=32M IEF196I 5 XXTRCOUT01 DD DSN=PHS.GSK.TRACE1,DISP=(NEW,CATLG), IEF196I XXSPACE=(CYL,(10)),UNIT=SYSDA IEF196I IEF236I ALLOC. FOR GSKWTR GSKWTR IEF196I IGD100I 0D39 ALLOCATED TO DDNAME TRCOUT01 DATACLAS () IEF196I AHL906I THE OUTPUT BLOCK SIZE OF27998 WILL BE USED FOR IEF196I OUTPUT IEF196I DATA SETS: IEF196I PHS.GSK.TRACE1 AHL906I THE OUTPUT BLOCK SIZE OF27998 WILL BE USED FOR OUTPUT 463 DATA SETS: PHS.GSK.TRACE1 ITT110I INITIALIZATION OF CTRACE WRITER GSKWTR COMPLETE. So far so good. Then I issue: TRACE CT,ON,COMP=GSKSRVR and I get: ITT001I TRACE COMP=GSKSRVR 472 IS NOT DEFINED. ITT038I NONE OF THE TRANSACTIONS REQUESTED VIA THE TRACE CT COMMAND WERE SUCCESSFULLY EXECUTED. IEE839I ST=(ON,0001M,4M) AS=ON BR=OFF EX=ON MO=OFF MT=(ON,064K) 474 ISSUE DISPLAY TRACE CMD FOR SYSTEM AND COMPONENT TRACE STATUS ISSUE DISPLAY TRACE,TT CMD FOR TRANSACTION TRACE STATUS OK, I'm missing something basic (and probably obvious). Any idea what? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" It sounds like it's the System SSL process, but System SSL works without it, so that can't be right! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" It sounds like it's the System SSL process, but System SSL works without it, so that can't be right! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
Should be in your IBM supplied PROCLIB, SYS1.PROCLIB, or SYS1.IBM.PROCLIB I have a working proc if you'd like Carmen - Original Message - From: "Smith III, Phil (HPE Data Security (Voltage))" To: IBM-MAIN@LISTSERV.UA.EDU Sent: Tuesday, August 22, 2017 1:25:56 PM Subject: Re: GSKSRVR trace Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" It sounds like it's the System SSL process, but System SSL works without it, so that can't be right! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
Hi Phil, Try GSK.SGSKSAMP? Thanks! BobL -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage)) Sent: Tuesday, August 22, 2017 12:26 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: GSKSRVR trace [ EXTERNAL ] Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" It sounds like it's the System SSL process, but System SSL works without it, so that can't be right! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
ah - that's where I got mine, you'll also need to GSKWTR I believe, the GSKSRVR starts the GSKWTR - Original Message - From: "Bob Lester" To: IBM-MAIN@LISTSERV.UA.EDU Sent: Tuesday, August 22, 2017 1:30:28 PM Subject: Re: GSKSRVR trace Hi Phil, Try GSK.SGSKSAMP? Thanks! BobL -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage)) Sent: Tuesday, August 22, 2017 12:26 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: GSKSRVR trace [ EXTERNAL ] Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" It sounds like it's the System SSL process, but System SSL works without it, so that can't be right! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
The SSL started task (GSKSRVR) provides sysplex session cache support, dynamic trace support, and notification when changing from hardware to software cryptography. The SSL started task is an optional component of System SSL and does not need to be configured and started in order to use System SSL. The default home directory for the SSL started task is /etc/gskssl/server. A different home directory can be specified by changing the definition of the HOME environment variable in the GSKSRVR procedure. The SSL started task reads the envar file in the home directory to set the environment variables. This file is a variable-length file where each line consists of a variable name and variable value separated by '='. Trailing blanks are removed from the variable value. Blanks lines and lines beginning with '#' are ignored. 1.Create the home directory for the SSL started task (the default is /etc/gskssl/server) 2.Copy the sample envar file (gsksrvr.envar) from /usr/lpp/gskssl/examples/ to /etc/gskssl/server/ with a new file name of "envar". By default, the full path is /etc/gskssl/server/envar (change the directory name to match the home directory created). Modify the LANG, TZ, and NLSPATH values to meet local installation requirements. 3.Copy the sample started procedure from GSK.SGSKSAMP(GSKSRVR) to SYS1.PROCLIB(GSKSRVR) Note: The sample started task procedure routes informational messages, such as GSK01001I, to standard out, while error messages, such as GSK01015E are routed to standard error. If you want to route informational and error messages to the same place in the job log, change:// / 1>DD:STDOUT 2>DD:STDERR') to// / >DD:STDOUT 2>&1') 4.Create the GSKSRVR user and associate it with the GSKSRVR started procedure. Replace 'nn' in the ADDUSER command with a non-zero value which is not assigned to another user. ADDUSER GSKSRVR DFLTGRP(SYS1) NOPASSWORD OMVS(UID(nn) PROGRAM(/bin/sh) HOME(/etc/gskssl/server)) RDEFINE STARTED GSKSRVR.** STDATA(USER(GSKSRVR) GROUP(SYS1) TRUSTED) SETROPTS RACLIST(STARTED) REFRESH 5.Ensure that the pdsename.SIEALNKE and CEE.SCEERUN data sets are APF-authorized and are either in the link list concatenation or are specified as a STEPLIB for the GSKSRVR procedure. 6.Optionally, set up a message processing exit to automatically start the GSKSRVR started task. The GSK.SGSKSAMP(GSKMSGXT) program is a sample message processing exit for this purpose. To activate the exit, add this to the appropriate MPFLSTxx member in SYS1.PARMLIB. BPXI004I,SUP(NO),USEREXIT(STARTSSL) This starts GSKSRVR when OMVS initialization is complete, assuming the GSKMSGXT program was linked as STARTSSL and placed in a LNKLST data set. 7.Optionally, set up an automatic restart management (ARM) policy for the GSKSRVR started task if the default ARM policy values are not appropriate. The element type is SYSSSL and should be assigned to restart level 2. The element name is GSKSRVR_sysname. For example, the element name for the GSKSRVR started task on system DCESEC4 would be GSKSRVR_DCESEC4. Since the normal operating mode is to run the GSKSRVR started task on each system in the sysplex, the GSKSRVR started task registers with ARM to be restarted only if the started task fails and not if the current system fails. The TERMTYPE parameter of the ARM policy can be used to override this registration if you want. 8.If access to the ICSF callable services are protected with CSFSERV class profiles on your system, the GSKSRVR user ID might need to be given READ authority to call the ICSF CSFIQA and CSFPPRF callable services. These services are protected by the CSFIQA and CSFRNG profiles. If these callable services are protected with a generic CSF* profile in the CSFSERV class, access can be granted by entering:PERMIT CSF* CLASS(CSFSERV) ID(GSKSRVR) ACCESS(READ) SETROPTS RACLIST(CSFSERV) REFRESH -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage)) Sent: Tuesday, August 22, 2017 2:26 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: GSKSRVR trace Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first before starting the GSK writer. We >had to do an SSL trace per IBM's request and the following was the process >they gave to us. Note, this was for a CICS trace so your reply may be >different. Well, that would certainly make sense, will try it! Thanks. Assuming it's the answer, I guess my next question is, "What is GSKSRVR?
Re: GSKSRVR trace
Absolutely correct, but to get SSL trace data to IBM support it's absolutely needed and a great help to identify AT-TLS SSL issues. Carmen - Original Message - From: "Mike Schmutzok (Alpharetta)" To: IBM-MAIN@LISTSERV.UA.EDU Sent: Tuesday, August 22, 2017 1:35:22 PM Subject: Re: GSKSRVR trace The SSL started task (GSKSRVR) provides sysplex session cache support, dynamic trace support, and notification when changing from hardware to software cryptography. The SSL started task is an optional component of System SSL and does not need to be configured and started in order to use System SSL. The default home directory for the SSL started task is /etc/gskssl/server. A different home directory can be specified by changing the definition of the HOME environment variable in the GSKSRVR procedure. The SSL started task reads the envar file in the home directory to set the environment variables. This file is a variable-length file where each line consists of a variable name and variable value separated by '='. Trailing blanks are removed from the variable value. Blanks lines and lines beginning with '#' are ignored. 1.Create the home directory for the SSL started task (the default is /etc/gskssl/server) 2.Copy the sample envar file (gsksrvr.envar) from /usr/lpp/gskssl/examples/ to /etc/gskssl/server/ with a new file name of "envar". By default, the full path is /etc/gskssl/server/envar (change the directory name to match the home directory created). Modify the LANG, TZ, and NLSPATH values to meet local installation requirements. 3.Copy the sample started procedure from GSK.SGSKSAMP(GSKSRVR) to SYS1.PROCLIB(GSKSRVR) Note: The sample started task procedure routes informational messages, such as GSK01001I, to standard out, while error messages, such as GSK01015E are routed to standard error. If you want to route informational and error messages to the same place in the job log, change:// / 1>DD:STDOUT 2>DD:STDERR') to// / >DD:STDOUT 2>&1') 4.Create the GSKSRVR user and associate it with the GSKSRVR started procedure. Replace 'nn' in the ADDUSER command with a non-zero value which is not assigned to another user. ADDUSER GSKSRVR DFLTGRP(SYS1) NOPASSWORD OMVS(UID(nn) PROGRAM(/bin/sh) HOME(/etc/gskssl/server)) RDEFINE STARTED GSKSRVR.** STDATA(USER(GSKSRVR) GROUP(SYS1) TRUSTED) SETROPTS RACLIST(STARTED) REFRESH 5.Ensure that the pdsename.SIEALNKE and CEE.SCEERUN data sets are APF-authorized and are either in the link list concatenation or are specified as a STEPLIB for the GSKSRVR procedure. 6.Optionally, set up a message processing exit to automatically start the GSKSRVR started task. The GSK.SGSKSAMP(GSKMSGXT) program is a sample message processing exit for this purpose. To activate the exit, add this to the appropriate MPFLSTxx member in SYS1.PARMLIB. BPXI004I,SUP(NO),USEREXIT(STARTSSL) This starts GSKSRVR when OMVS initialization is complete, assuming the GSKMSGXT program was linked as STARTSSL and placed in a LNKLST data set. 7.Optionally, set up an automatic restart management (ARM) policy for the GSKSRVR started task if the default ARM policy values are not appropriate. The element type is SYSSSL and should be assigned to restart level 2. The element name is GSKSRVR_sysname. For example, the element name for the GSKSRVR started task on system DCESEC4 would be GSKSRVR_DCESEC4. Since the normal operating mode is to run the GSKSRVR started task on each system in the sysplex, the GSKSRVR started task registers with ARM to be restarted only if the started task fails and not if the current system fails. The TERMTYPE parameter of the ARM policy can be used to override this registration if you want. 8.If access to the ICSF callable services are protected with CSFSERV class profiles on your system, the GSKSRVR user ID might need to be given READ authority to call the ICSF CSFIQA and CSFPPRF callable services. These services are protected by the CSFIQA and CSFRNG profiles. If these callable services are protected with a generic CSF* profile in the CSFSERV class, access can be granted by entering:PERMIT CSF* CLASS(CSFSERV) ID(GSKSRVR) ACCESS(READ) SETROPTS RACLIST(CSFSERV) REFRESH -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage)) Sent: Tuesday, August 22, 2017 2:26 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: GSKSRVR trace Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! What am I missing? (Yes, I know, "a GSKSRVR member"...) From: Smith III, Phil (HPE Data Security (Voltage)) Sent: Saturday, August 19, 2017 5:17 PM To: ibm-m...@bama.ua.edu Subject: RE: GSKSRVR trace Mike Schmutzok wrote: >I think you have to start the GSKSRVR first befor
Re: GSKSRVR trace
Quick search of z/OS VxRx.0 System SSL Programming /usr/lpp/gskssl/examples/gsksrvr.envar GSK.SGSKSAMP(GSKSRVR) Rob Schramm On Tue, Aug 22, 2017, 2:30 PM Lester, Bob wrote: > Hi Phil, > > Try GSK.SGSKSAMP? > > Thanks! > BobL > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Smith III, Phil (HPE Data Security (Voltage)) > Sent: Tuesday, August 22, 2017 12:26 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: GSKSRVR trace [ EXTERNAL ] > > Well, color me stumped yet again. I have no GSKSRVR member in any PROCLIB! > What am I missing? (Yes, I know, "a GSKSRVR member"...) > > From: Smith III, Phil (HPE Data Security (Voltage)) > Sent: Saturday, August 19, 2017 5:17 PM > To: ibm-m...@bama.ua.edu > Subject: RE: GSKSRVR trace > > Mike Schmutzok wrote: > >I think you have to start the GSKSRVR first before starting the GSK > writer. We had to do an SSL trace per IBM's request and the following was > the process they gave to us. Note, this was for a CICS trace so your reply > may be different. > > Well, that would certainly make sense, will try it! Thanks. > > Assuming it's the answer, I guess my next question is, "What is GSKSRVR?" > It sounds like it's the System SSL process, but System SSL works without > it, so that can't be right! > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > This e-mail transmission may contain information that is proprietary, > privileged and/or confidential and is intended exclusively for the > person(s) to whom it is addressed. Any use, copying, retention or > disclosure by any person other than the intended recipient or the intended > recipient's designees is strictly prohibited. If you are not the intended > recipient or their designee, please notify the sender immediately by return > e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, > monitor, review, retain and/or disclose the content of all email > communications. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Rob Schramm -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: GSKSRVR trace
Lester, Bob wrote: > Try GSK.SGSKSAMP? That's it! GSKWTR was already there-this is an IBM system, so who knows what was where and why. I copied it and it started! When I get off this call I'll tinker with the trace. Thanks 10**6! -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
