SMF Records for sftp

A discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

SMF Records for sftp

Post by cagatayucuzal » Wed Nov 01, 2017 1:29 am

Hello Support
we need to activate SMF Records for COZ sftp
How can we activate this records? (I known that ssh SMF record type 119)

is there any effect sftp performance? Because in our system runnning nearly 70k sftp jobs in a day,
it is very importan for us sftp performance

Do you have any comment?

Regards
Cagatay

dovetail
Site Admin
Posts: 1781
Joined: Thu Jul 29, 2004 12:12 pm

Re: SMF Records for sftp

Post by dovetail » Fri Nov 03, 2017 10:21 am

Information on using SMF with CO:Z SFTP can be found here:

https://dovetail.com/docs/sftp/smf-support.html

To enable, just add the "smf" option to the "fixed:" section of these files:

/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)

See "E.3 Enabling SMF recording" for more information, especially the required RACF permissions required.

I would suggest that you enable this in your test environment to measure any impact. Generally, the overhead of writing a couple of SMF records for each file transfer is not significant when compared to the overhead of using SSH. But if you have a lot of transfers, you may need to plan for (2) SMF records for each transfer and plan for the impact that that will have to your SMF data sets.

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Tue Nov 14, 2017 5:18 am

Hello
Should I find OMVS segment folder which We installed folder?


/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config ( for server)

dovetail
Site Admin
Posts: 1781
Joined: Thu Jul 29, 2004 12:12 pm

Re: SMF Records for sftp

Post by dovetail » Wed Nov 15, 2017 10:47 am

I'm sorry, but I don't understand your question.

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Fri Nov 17, 2017 5:23 am

always mainframe connects other server so, mainframe is always sftp client.
should I change cozsftp_config?

I didn't find cozsftp_config.
thise file using in "cozsftp" ?
if there is I can find where execute this

Regards

SteveGoetze
Posts: 376
Joined: Fri Jul 30, 2004 5:29 pm

Re: SMF Records for sftp

Post by SteveGoetze » Fri Nov 17, 2017 8:31 am

To enable SMF recording for all client jobs, please follow the instructions in the documentation:

https://www.dovetail.com/docs/sftp/session-config.html

Section C.2 shows how to specify the smf option in the fixed: section of /etc/ssh/cozsftp_config.

A sample version of this file can be found at <COZ_INST>/samples/cozsftp_site_config

You should also confirm that you have met the other requirements for SMF recording, documented here:

https://www.dovetail.com/docs/sftp/smf- ... ml#d0e6364

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Thu Nov 23, 2017 7:41 am

in cozsftp


İHOME/.ssh/cozsftp_config

but there is no file it this folder

we changed this file folder

x/CoZ/cozsftp_config
added "smf" fixed section

run the jobs, we saw this message, is that right?

ZosSettings$W¨: Fixed section found in user config file - ignoring

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Fri Nov 24, 2017 3:20 am

is that the same which you advice?


1. To enable SMF recording for the client side, in the /etc/ssh/zos_ssh_config
file, set the keyword:
ClientSMF TYPE119_U83
or
ClientSMF TYPE119_U84

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Fri Nov 24, 2017 5:59 am

I Run cozsftp job with -vvv option
our jobs read /etc/ssh/zos_ssh_config
I added this file

ClientSMF TYPE119_U83

after that

I saw

debug1: zsshSmfSetConnSmfStatus: changing SMF status from 0 to 83

it that okey with Smf what is your comment?
Regards
Cagatay

dovetail
Site Admin
Posts: 1781
Joined: Thu Jul 29, 2004 12:12 pm

Re: SMF Records for sftp

Post by dovetail » Sat Nov 25, 2017 11:14 am

When you use Co:Z SFTP, you are using IBM z/OS OpenSSH for the SSH layer.
You can configure IBM OpenSSH to write SMF records for the *connection*. These will be 119 subtypes 94,95, and 98:
https://www.ibm.com/support/knowledgece ... smfrec.htm
These records are useful if you want to track all SSH connections and what crypto algorithms that they are using.

If you want SMF records for Co:Z SFTP file transfers, then see this section in the documentation:
https://dovetail.com/docs/sftp/smf-support.html
You can get 119 subtype 3, and 70 records, which are the same format as IBM FTP uses and can support data sets.

To enable, just add the "smf" option to the "fixed:" section of these files:

/etc/ssh/cozsftp_config (for client)
/etc/ssh/cozsftp_server_config (for server)

(You didn't follow this advice before, since you tried to add a fixed section to the user's configuration files in $HOME/.ssh )

cagatayucuzal
Posts: 34
Joined: Thu Jun 01, 2017 9:15 am

Re: SMF Records for sftp

Post by cagatayucuzal » Tue Nov 28, 2017 6:29 am

as I said before our cozjcl using

/etc/ssh/zos_ssh_config

not this folder;

/etc/ssh/cozsftp_config (for client)

So there is no effect when we change cozsftp_config

is there any wrong configuration?

Not: every thing work fine :)

dovetail
Site Admin
Posts: 1781
Joined: Thu Jul 29, 2004 12:12 pm

Re: SMF Records for sftp

Post by dovetail » Tue Nov 28, 2017 4:54 pm

1) What SMF 119 record subtypes do you want to collect? (3, 70, 94, 95, 98, ...) ?
If you can not answer this question, then I can not help you.

2) Do this in a z/OS Unix shell on the LPAR that you are using and post the console output:

cd /etc/ssh
ls -al
cat cozsftp_config
cat cozsftp_server_config
cat zos_ssh_config
cat zos_sshd_config

Post Reply