Archive Management

Archive Management allows you to manage and create archive requests.

You can view two types of archive requests:

  • Active - Displays a list of currently active requests, active sessions for a request, and archived activity that has been sent to SIEM for each request. From here, you can also create an archive request.

  • Inactive - Displays a list of inactive requests and archived activity that has been sent to SIEM for each request.

View archive requests

  • To view active requests, click the Active tab.

  • To view inactive requests, click the Inactive tab.

Toolbar functions

Depending on the archive request tab, the toolbar allows you to perform the following functions:

  • Clicking Refresh refreshes the screen content.

  • Clicking Filter filters the tables by the text you enter. Separate multiple text items with a space.

  • Clicking Menu displays a menu of functions.

  • Clicking Clear clears all fields on the page when creating a search rule.

Table columns

The tables include the following column headings:

Active Archives

  • Name - Identifies the name of the archive.

  • Description - Identifies the description of the archive.

  • Type - Identifies the archive by type—either 3270, TCP/IP, or MQ.

  • Sessions - Identifies the number of sessions in the archive.

  • Start Time - Identifies the start time for the item listed.

  • Duration - Identifies the duration for each item in a given list.

  • Base Dataset - Identifies the base datasets used to archive.

  • Last Archived - Identifies the time for the last segment.

Active Sessions

VTAM 3270

  • User ID - Identifies the user IDs for active sessions within an archive.
    The only valid values in the user ID field are the following characters:

    • alphanumeric

    • ? (this is a valid wildcard character)

    • * (this is a valid wildcard character)

    • @

    • #

    • $

  • Terminal - Identifies the terminals for active sessions within an archive.

  • Application - Identifies the applications for active sessions within an archive.

  • Start Time - Identifies the start time for the item listed.

  • Transaction - Identifies the number of transactions contained in an active session within an archive.

  • Lost - Identifies the number of transactions that were not archived.

MQ

  • Queue Manager - Identifies the queue manager captured.

  • Queue Object - Identifies the queue object name.

  • Start time - Identifies the start time for the item listed.

  • Last Update Time - Identifies the time for the active session.

  • Bytes - Identifies the size of the data in the active session.

TCP

  • Server Address - Identifies the TCP/IP server address of the capture.

  • Server Port - Identifies the server port of the active session.

  • Client Address - Identifies the client address for the active session.

  • Client Port - Identifies the client port for the active session.

  • Start time - Identifies the start time for the active session.

  • Last Update Time - Identifies the last update time for the active session.

  • Bytes - Identifies the size of the data captured in the active session.

Archived Activity

  • Start Time - Identifies the start time for the item listed.

  • End Time - Identifies the end time for the item listed.

  • Duration - Identifies the duration for each item in a given list.

  • SIEM Status - Identifies whether the SIEM transfer for the archived activity failed, succeeded, or is unknown.

To create an archive request

  1. Click and select Create Archive from the menu list. You may also right-click on a row and select Create Archive from the context menu. The Create Archive Request page appears.

 

Archive Actions

Only those action items that are valid for the selected archive are displayed and enabled.

Active

  • Clicking Switch allows the data captured to be set and ready to be sent to SIEM.

  • Clicking Stop stops the record function.

  • Clicking Open allows the viewing of the archive definition.

  • Clicking Duplicate clones the definition as a template for defining a new one.

  • Clicking Schedule Switch allows you to modify the times at which a switch occurs, regardless of how full the file segment is.

  • Clicking Show Queued Searches displays the Queued Searches defined for that archive.

Inactive

  • Clicking Delete deletes the reference to the selected archive.

  • Clicking Open allows the viewing of the archive definition.

  • Clicking Duplicate clones the definition as a template for defining a new one.

  • Clicking Restart restarts an inactive archive.

  • Clicking Show Queued Searches displays the Queued Searches defined for that archive.

 
