Customer Requested Updates to MQCCI

In December, I had a call with a potential customer regarding MQ Channel Connection Inspector (MQCCI). Their security concerns were similar to what I posted several months ago in “So You Secured MQ But How Do You Know It Is Secure?”.

During the discussion, they brought up a couple of interesting comments:

  • How to correlate a disconnection audit record with a connection audit record.
  • How to track how long the connection lasted for.

I thought either the MCASecurityId or RemoteSecurityId field of the MQCD could be used to correlate the connection and disconnection audit records, but they pointed out that they were pretty sure that those fields only get populated on Windows platforms. After the call, I did some testing on non-Windows platforms and I was surprised to see that they were always blank (null/binary zeroes). D’Oh!

So, I decided to add a new keyword called IncludeTag. If this keyword’s value is set to ‘Y’, then MQCCI will add a randomly generated 16-character tag on both the connection and disconnection audit records. Hence, this will allow the MQAdmin or anyone else to correlate the connection and disconnection audit records.

Since I was messing around with the code, I also added another new keyword called IncludeDurationTime. If this keyword’s value is set to ‘Y’, then MQCCI will add the duration time (disconnect time minus connect time) to the disconnection audit record. The time is output in seconds and microseconds, e.g. 25.123456

If the keywords AddDiscMessage, IncludeTag and IncludeDurationTime all have their value set to ‘Y’, then this is an example of the connection and disconnection audit records:

    2019/01/03 13:45:13.445483, CONN, Tag=DxfsTJRFxcEG8dQC, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.10, , CD_ShortConnectionName=10.10.10.10, CD_MaxMsgLength=4194304, CD_PutAuthority=MQPA_DEFAULT, CD_MCAUserIdentifier=roger, CD_RemoteUserIdentifier=roger, CD_RemotePassword_Length=0, CD_SSLCipherSpec=, CD_SSLClientAuth=MQSCA_REQUIRED, CD_CertificateLabel=, CXP_PartnerName=roger, CXP_SSLCertUserid=, CXP_SecurityParms_AuthenticationType=MQCSP_AUTH_USER_ID_AND_PWD, CXP_SecurityParms_UserId=roger, CXP_SecurityParms_Password_Length=8, CXP_SharingConversations=TRUE, CXP_MCAUserSource=MQUSRC_MAP, CXP_RemoteProduct=MQJB, CXP_RemoteVersion=0800,
    
    2019/01/03 13:45:27.952108, DISC, Tag=DxfsTJRFxcEG8dQC, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.10, Duration=14.506625,
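
As an added example (not part of the original post or of MQCCI itself), the Python below pairs CONN and DISC records by Tag, cross-checks Duration against the two record timestamps, and reports connections with no matching disconnect and disconnects with no matching connect. It assumes field values contain no commas and that the record timestamps are the connect and disconnect times; the last two sample records are constructed.

```python
from datetime import datetime

# Constructed sample: the first two records are shortened copies of the records
# shown above; the last two (tags ending in 1 and 2) are made up to show gaps.
SAMPLE = """\
2019/01/03 13:45:13.445483, CONN, Tag=DxfsTJRFxcEG8dQC, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.10, , CD_MCAUserIdentifier=roger, CD_SSLCipherSpec=,
2019/01/03 13:45:27.952108, DISC, Tag=DxfsTJRFxcEG8dQC, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.10, Duration=14.506625,
2019/01/03 13:46:02.000000, CONN, Tag=AAAAconstructed1, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.11, CD_MCAUserIdentifier=roger,
2019/01/03 13:47:00.000000, DISC, Tag=BBBBconstructed2, CD_QMgrName=MQWT1, CD_ChannelName=TEST.CHL, CD_ConnectionName=10.10.10.12, Duration=3.000000,
"""

def parse_record(line):
    """Return (timestamp, event, fields); assumes field values contain no commas."""
    parts = [p.strip() for p in line.split(",")]
    parts = [p for p in parts if p]        # drops the empty ", ," slot and trailing comma
    ts = datetime.strptime(parts[0], "%Y/%m/%d %H:%M:%S.%f")
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return ts, parts[1], fields

def correlate(text, tolerance=0.001):
    """Pair CONN/DISC by Tag; assumes record timestamps are connect/disconnect times."""
    still_open, sessions, orphan_discs = {}, [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, f = parse_record(line)
        tag = f.get("Tag")
        if tag is None:                    # IncludeTag not enabled for this record
            continue
        if event == "CONN":
            still_open[tag] = (ts, f)
        elif event == "DISC" and tag in still_open:
            start, conn = still_open.pop(tag)
            elapsed = (ts - start).total_seconds()
            reported = float(f["Duration"]) if "Duration" in f else None
            sessions.append({
                "tag": tag,
                "user": conn.get("CD_MCAUserIdentifier"),
                "elapsed": elapsed,
                "reported": reported,
                "consistent": reported is None or abs(elapsed - reported) <= tolerance,
            })
        elif event == "DISC":
            orphan_discs.append(tag)       # DISC whose CONN is not in this log
    return sessions, still_open, orphan_discs

if __name__ == "__main__":
    sessions, still_open, orphans = correlate(SAMPLE)
    print(sessions, list(still_open), orphans)
```

A tag left in `still_open` is a connection that was still active, or whose disconnect record is missing, at the end of the log; an orphan DISC usually means the log was rotated or truncated between the two records.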

The latest release of MQCCI for all platforms including z/OS is available for download. Send an email to support@capitalware.com if you want to try it out.

Regards,
Roger Lacroix
Capitalware Inc.
