XCOM Data Transport

 View Only
  • 1.  XLOGFILE does not capture XCOMU0011I message?

    Posted Jul 11, 2020 05:53 PM
    CA XCOM Data Transport r11.6 16083 SP01 64bit (for <no SNA support>)

    When using the following command: 
    $ xcomtcp -c1 -f /File_Transfer/appxcom/conf/history/HISTORY_XCOM_CONFIG1.conf XLOGFILE=/File_Transfer/appxcom/log/history/HISTORY_XCOM_CONFIG1.20200712-065223.log

    The stdout (displayed on screen) shows the following: 

    2020/07/12 06:52:23 TID=000088 [/File_Transfer/nasdata/outbound/Fraud/History/History.csv --> /data/FCP/2300_LND_FCCM/FRAUD/BIX/output/History/History.csv at xx.xxx.xxx.xx]
    XCOMU0029I Locally initiated transfer started.

    2020/07/12 06:52:24 TID=000088
    XCOMU0011I Transfer ended; 40 blocks (1238199 bytes) transmitted in 1 seconds (1238199 bytes/second)

    However, the log file created by the XLOGFILE directive, is missing that XCOMU0011I trasfer status message: 

    $ cat /File_Transfer/appxcom/log/history/HISTORY_XCOM_CONFIG1.20200712-065223.log
    2020/07/12 06:52:23 TID=000088 [/File_Transfer/nasdata/outbound/Fraud/History/History.csv --> /data/FCP/2300_LND_FCCM/FRAUD/BIX/output/History/History.csv at xx.xxx.xxx.xx]
    XCOMU0029I Locally initiated transfer started.

    This is a consistent behaviour. I read the KB at the URL below which suggests "-rw-rw-rw-." permission on the log file
    https://knowledge.broadcom.com/external/article?articleId=55532

    It's not practical to have read-write for all users (other) on the logs.  What's the bare minimum (least privileges) required on this file?

    Thanks & Regards,
    Chandru Venkataraman


  • 2.  RE: XLOGFILE does not capture XCOMU0011I message?

    Broadcom Employee
    Posted Jul 12, 2020 06:54 PM
    Hi Chandru, @Chandrasekaran Venkataraman
    So far, I haven't been able to find any other useful information on this subject, so I will ask engineering to provide some input.

    Regards,

    Lynn​

    ------------------------------
    Lynn Williams
    Senior Principal Support Engineer
    Broadcom
    Australia
    ------------------------------



  • 3.  RE: XLOGFILE does not capture XCOMU0011I message?

    Posted Jul 13, 2020 03:16 AM
    Hi Chandru,

    Required file permissions depend on the way you want to use the file. Are you planning to use separate log files for each transfer or you want to use the same log file for all transfers? Are the transfers performed by different user accounts on the system or is it selected user accounts?
    If you want to use different log files for each transfer, the file gets generated automatically and regular R/w permissions for the current transfer owner are sufficient. If you want the same file used by all transfers to capture the messages of all transfers, the required permissions depend on the set of users that performs transfers. If there are multiple users, then R/W permissions are required for all of them to be able to update the same file.
    Hence it was mentioned that R/W permissions required for "Other" users as well.
    Alternatively, you can create a group with all of the user accounts responsible for issuing transfers and provide R/W permissions at the group level.
    So the final permissions can look like RW-RW---- and ownership should be with user: group

    Hope this helps. 

    Thanks,
    Shiva ​

    ------------------------------
    Principle Software Engineer
    XCOM Engineering Team, Mainframe Division
    Broadcom
    ------------------------------



  • 4.  RE: XLOGFILE does not capture XCOMU0011I message?

    Posted Jul 21, 2020 02:35 AM

    [ CBA Information Classification: Customer and Personal ]

     

    Hi Shiva,

     

    The log file generated appears to be created as root with 644 permission even though the log directory has full permissions for everyone and the directory is owned by user acoe_xcfcm_d:

     

    # ls -ld /File_Transfer/appxcom/

    drwxrwxrwx. 7 acoe_xcfcm_d xcomadm 71 Jul  4 11:21 /File_Transfer/appxcom/

    # ls -ld /File_Transfer/appxcom/log

    drwxrwxrwt. 15 acoe_xcfcm_d xcomadm 248 Jul  4 10:24 /File_Transfer/appxcom/log

    # ls -ld /File_Transfer/appxcom/log/appfraud/

    drwxrwxrwt. 2 acoe_xcfcm_d xcomadm 55 Jul 21 15:47 /File_Transfer/appxcom/log/appfraud/

    # ls -l /File_Transfer/appxcom/log/appfraud/

    total 4

    -rw-r--r--. 1 root xcomadm 291 Jul 21 15:47 APPFRAUD_XCOM_CONFIG1.20200721-154700.log

     

    Is it because XCOMD runs as root user? Attempts to start XCOMD as non-root (via systemd) has proved futile so far. There is nothing logged in xcom.log, either except this:

     

    2020/07/21 15:40:20  PRG=xcomd PID=14279

        0088I The XCOMD CA XCOM Data Transport Scheduler Service started, Version r11.6 16083 SP01 64bit for Unix (<no SNA support>).

     

    2020/07/21 16:03:25  PRG=xcomd PID=14279

        XCOMU0089I xcomd ended.

     

     

    Thanks & Regards,

    Chandru

     

     

     [ CBA information handling guidelines can be found on our web site: commbank.com.au/DataClass ]  






  • 5.  RE: XLOGFILE does not capture XCOMU0011I message?

    Posted Jul 21, 2020 04:38 AM
    Edited by Shivaramakrishna Chakravarthula Jul 21, 2020 04:46 AM
    Hi Chandru,

    We may need some additional details to assist you further with this query and public forum may not be an appropriate place to exchange your site-specific information. Can you please open a case with support so that we can gather some additional information to better understand the situation and assist you further with this query?

    Thanks,
    Shiva


    ------------------------------
    Principle Software Engineer
    XCOM Engineering Team, Mainframe Division
    Broadcom
    ------------------------------



  • 6.  RE: XLOGFILE does not capture XCOMU0011I message?

    Broadcom Employee
    Posted Jul 21, 2020 11:02 AM

    Hello Chandru Venkataraman,

    to answer your question:

    It's not practical to have read-write for all users (other) on the logs.  What's the bare minimum (least privileges) required on this file? 

    CA XCOM is a data transport product that when installed is setup for all to use, and like other applications, can be customized and tailored.  To limit who has access to which xcom.log, can be accomplished in a number of way's. For example: 

    • Create an XCOM user group and set the xcom.log access at a GROUP level: –rw-rw---. This will allow you to limit access by adding users and define who can
    • XLOGFILE parameter. 
    • Use the CA XCOM History Record Feature

    As each client environment is unique, I would recommend that you have a conversation with the systems administrator regarding setting up USER access to CA XCOM and would be more than happy to be a part of the conversation. 

    As far as the missing message, tried it here, but the message was present and we could not recreate.

    Reviewing your output:

     

    -rw-r--r--. 1 root xcomadm 291 Jul 21 15:47 APPFRAUD_XCOM_CONFIG1.20200721-154700.log

     

    Will only allow the owner, root, to write to the file.0.

    Is it because XCOMD runs as root user? Attempts to start XCOMD as non-root (via systemd) has proved futile so far. There is nothing logged in xcom.log, either except this:


    XCOMD is required to run as root: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-miscellaneous/legacy_bookshelves_and_pdfs/bookshelves_and_pdfs/bookshelves/ca-xcom-data-transport-for-unix-linux.html

     

    -r-sr-s---    1 root     xcomadm     1744446 Jun  4 06:38 xcomd

     

    so that it has the ability to switch between the real and effective (root/user) userid's (like su) when starting a transfer.

    Note: XCOMD deamond is used to start scheduled transfers, re-started locally initiated failed transfers (if specified) and manage the Q. 

    One can start XCOM vis systemd, but it cannot be as non-root. 

    I also recommend that you open a ticket and start a conversation with CA XCOM technical  support team and forward you xcom.glb and .cnf transfer parameters you are specifying for the transfer 

    I will look further into the missing message and see if we can recreate here in our lab.

    Regards,

     -Ken



    ------------------------------
    Sr Software Engineer
    Broadcom
    ------------------------------



  • 7.  RE: XLOGFILE does not capture XCOMU0011I message?

    Posted Jul 21, 2020 03:26 PM

    [ CBA Information Classification: Customer and Personal ]

     

    Hi Ken,

    Thanks for the insights!

    I've raised a Case w/ XCOM Support.

     

    Thanks & Regards,

    Chandru Venkataraman

     

     

     

     [ CBA information handling guidelines can be found on our web site: commbank.com.au/DataClass ]