Hello Chandru Venkataraman,
to answer your question:
It's not practical to have read-write for all users (other) on the logs. What's the bare minimum (least privileges) required on this file?
CA XCOM is a data transport product that when installed is set up for all to use, and like other applications, can be customized and tailored. Limiting who has access to which xcom.log can be accomplished in a number of ways. For example:
- Create an XCOM user group and set the xcom.log access at a GROUP level: -rw-rw----. This will allow you to limit access by adding users and define who can
- XLOGFILE parameter.
- Use the CA XCOM History Record Feature
As each client environment is unique, I would recommend that you have a conversation with the systems administrator regarding setting up USER access to CA XCOM, and I would be more than happy to be a part of the conversation.
As far as the missing message, tried it here, but the message was present and we could not recreate.
Reviewing your output:
-rw-r--r--. 1 root xcomadm 291 Jul 21 15:47 APPFRAUD_XCOM_CONFIG1.20200721-154700.log
Will only allow the owner, root, to write to the file.
Is it because XCOMD runs as root user? Attempts to start XCOMD as non-root (via systemd) have proved futile so far. There is nothing logged in xcom.log, either except this:
XCOMD is required to run as root: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-miscellaneous/legacy_bookshelves_and_pdfs/bookshelves_and_pdfs/bookshelves/ca-xcom-data-transport-for-unix-linux.html
-r-sr-s--- 1 root xcomadm 1744446 Jun 4 06:38 xcomd
so that it has the ability to switch between the real and effective (root/user) user IDs (like su) when starting a transfer.
Note: The XCOMD daemon is used to start scheduled transfers, restart locally initiated failed transfers (if specified) and manage the Q.
One can start XCOM via systemd, but it cannot be as non-root.
I also recommend that you open a ticket and start a conversation with the CA XCOM technical support team and forward your xcom.glb and the .cnf transfer parameters you are specifying for the transfer.
I will look further into the missing message and see if we can recreate here in our lab.
Regards,
-Ken
------------------------------
Sr Software Engineer
Broadcom
------------------------------
Original Message:
Sent: 07-11-2020 05:53 PM
From: Chandrasekaran Venkataraman
Subject: XLOGFILE does not capture XCOMU0011I message?
CA XCOM Data Transport r11.6 16083 SP01 64bit (for <no SNA support>)
When using the following command:
$ xcomtcp -c1 -f /File_Transfer/appxcom/conf/history/HISTORY_XCOM_CONFIG1.conf XLOGFILE=/File_Transfer/appxcom/log/history/HISTORY_XCOM_CONFIG1.20200712-065223.log
The stdout (displayed on screen) shows the following:
2020/07/12 06:52:23 TID=000088 [/File_Transfer/nasdata/outbound/Fraud/History/History.csv --> /data/FCP/2300_LND_FCCM/FRAUD/BIX/output/History/History.csv at xx.xxx.xxx.xx]
XCOMU0029I Locally initiated transfer started.
2020/07/12 06:52:24 TID=000088
XCOMU0011I Transfer ended; 40 blocks (1238199 bytes) transmitted in 1 seconds (1238199 bytes/second)
However, the log file created by the XLOGFILE directive is missing that XCOMU0011I transfer status message:
$ cat /File_Transfer/appxcom/log/history/HISTORY_XCOM_CONFIG1.20200712-065223.log
2020/07/12 06:52:23 TID=000088 [/File_Transfer/nasdata/outbound/Fraud/History/History.csv --> /data/FCP/2300_LND_FCCM/FRAUD/BIX/output/History/History.csv at xx.xxx.xxx.xx]
XCOMU0029I Locally initiated transfer started.
This is a consistent behaviour. I read the KB at the URL below which suggests "-rw-rw-rw-." permission on the log file
https://knowledge.broadcom.com/external/article?articleId=55532
It's not practical to have read-write for all users (other) on the logs. What's the bare minimum (least privileges) required on this file?
Thanks & Regards,
Chandru Venkataraman
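
The three permission states that come up in this thread (the KB's -rw-rw-rw-, the observed -rw-r--r--, and the group-level -rw-rw---- suggested in the reply) can be told apart with a small audit script. This is an added example, not part of the original thread or of CA XCOM; it assumes GNU stat on Linux, and the function names classify_log and audit_logs are hypothetical.

```shell
# Added example (not from the thread). Assumes GNU stat (Linux).
# Usage, with the path and group seen in the thread (adjust to your site):
#   audit_logs /File_Transfer/appxcom/log/history xcomadm

# classify_log FILE GROUP
# Prints "ok" or a space-separated list of findings for one log file,
# measured against the group-level policy -rw-rw---- (0660).
classify_log() {
    cl_info=$(stat -c '%a %G' "$1" 2>/dev/null) || return 2
    cl_mode=$((0${cl_info%% *}))      # octal mode string -> integer
    cl_group=${cl_info#* }
    cl_out=""
    if [ $((cl_mode & 2)) -ne 0 ]; then
        cl_out="world-writable"       # the -rw-rw-rw- case
    elif [ $((cl_mode & 7)) -ne 0 ]; then
        cl_out="world-accessible"     # "other" can read or execute
    fi
    if [ "$cl_group" != "$2" ]; then
        cl_out="$cl_out wrong-group"
    fi
    if [ $(( (cl_mode >> 3) & 6 )) -ne 6 ]; then
        cl_out="$cl_out group-cannot-write"   # e.g. -rw-r--r--
    fi
    cl_out=${cl_out# }                # drop leading space, if any
    echo "${cl_out:-ok}"
}

# audit_logs DIR GROUP
# Prints "finding(s)<TAB>file" for each *.log in DIR.
# Returns 1 if any file deviates from the policy, 0 otherwise.
audit_logs() {
    al_rc=0
    for al_f in "$1"/*.log; do
        [ -f "$al_f" ] || continue
        al_v=$(classify_log "$al_f" "$2") || al_v="unreadable"
        printf '%s\t%s\n' "$al_v" "$al_f"
        [ "$al_v" = "ok" ] || al_rc=1
    done
    return "$al_rc"
}
```

A non-zero return from audit_logs makes it usable as a cron or CI check on the log directory.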