IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Delivered
Workspace IBM Z and LinuxONE Systems Hardware
Categories HMC/Support Element (SE)
Created by Guest
Created on Oct 19, 2017

RELATED IDEAS

Enhancement to Security logs in HMC / SE

The security logs in the HMC and SE are very useful for Audit and security tracking. There is 1 item that we would like added.

Currently when a USB device is plugged / unplugged there is a Hardware message posted. Also at startup discovered USB devices are posted via Hardware messages.

The issue is that once the messages are cleared form the HMC (OPS normal operational process) there is no way to go back and review the USB items that were plugged / unplugged .

The ASK:
Have an option in the security logs to allow any removable media / USB devices to be logged . (Similar to how the network logging can be enabled / disabled today.

I can appreciate that some customers would consider this noise, but for use, it would be useful since all removable media needs to be track able. Hence the ask for the option to enable / disable it.

This way the security log can be dumped and a report quickly generated for audit with respect to Removable Media / USB usage.

Here is an example :

We see this at Power up of an HMC

October 19, 2017
2:14:00 PM
ACT04320I Device Monitor. Device Type: usb, Action: discovered at startup, Vendor: LITE-ON Technology, Model: USB NetVista Full Width Keyboard., Serial: N/A
Select
October 19, 2017
2:14:01 PM
ACT04320I Device Monitor. Device Type: usb, Action: discovered at startup, Vendor: 17ef, Model: Lenovo Optical Mouse, Serial: N/A
Select
October 19, 2017
2:14:01 PM
ACT04320I Device Monitor. Device Type: usb, Action: discovered at startup, Vendor: SMART, Model: USB 8GB 3, Serial: 2015100401ECB915B925

It is the USB Key that we would want to be able to track. If the serial # changes, we would need to know why. Currently this is not possible with the current security logs.

Thank you for your time

Peter Penner

Idea priority Medium
  • Guest
    Reply
    |     Feb 27, 2020

    Delivered in z14 GA2

  • Guest
    Reply
    |     Dec 5, 2017

    Yes. Adding it to the Audit Log is a good place for it.

    At this point the Audit log appears to only have RSF based info in it.

  • Guest
    Reply
    |     Nov 8, 2017

    Hello and Thank you for your input! We agree capturing the plugging/unplugging of a USB key in a log in addition to creating a hardware message is a reasonable thing to do, especially from an auditing point of view. If we made this change, this type of information makes sense to be captured in the "audit" log of the HMC/SE. This data would be viewable by a logged in user using the "Audit and Log Management" task. The information from that log can be captured for retention purposes with the "Customize Scheduled Operations" task and is also available for automation using the web services APIs on the HMC.

    If we provided this implementation, would it satisfy your requirement?

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.