Potkay, Peter M (CTO Architecture + Engineering)
2014-08-13 16:43:48 UTC
The chmod 2770 permissions on the /var/mqm/qmgrs/MyQM/errors directory are a pain in the butt. Our monitoring tools can't get in there. Apparently the permissions will revert back to this anytime the QM restarts. See here:
http://www-01.ibm.com/support/docview.wss?uid=swg21228976
Yeah, they give a kludgy work around. But then there are other tech notes that say don't mess with MQ dir permissions - period.
http://www-01.ibm.com/support/docview.wss?uid=swg21265111
So, while I scratch my head, wondering what the big deal was, why didn't IBM allow read access to world for the MQ error logs, what's the harm with reading an error log...how about getting the entries to go to the syslog. WMB does that by default. On Windows, MQ copies it into the Event Viewer.
All our monitoring tools have access to the syslog by default, so if our MQ entries were there as well it would be easy.
Anyone done this? How?
Other ideas?
I really do not want to add those monitoring IDs into the mqm group - who the heck knows who has access to those IDs.
Peter Potkay
************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
http://www-01.ibm.com/support/docview.wss?uid=swg21228976
Yeah, they give a kludgy work around. But then there are other tech notes that say don't mess with MQ dir permissions - period.
http://www-01.ibm.com/support/docview.wss?uid=swg21265111
So, while I scratch my head, wondering what the big deal was, why didn't IBM allow read access to world for the MQ error logs, what's the harm with reading an error log...how about getting the entries to go to the syslog. WMB does that by default. On Windows, MQ copies it into the Event Viewer.
All our monitoring tools have access to the syslog by default, so if our MQ entries were there as well it would be easy.
Anyone done this? How?
Other ideas?
I really do not want to add those monitoring IDs into the mqm group - who the heck knows who has access to those IDs.
Peter Potkay
************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html