MQ Auditor Overview
The MQ Auditor v2.4.0 (MQA) is a solution that allows a company to audit / track all MQ API calls performed by MQ applications that are connected to a queue manager. The API Exit operates with IBM MQ v7.0, v7.1, v7.5, v8.0 and v9.0 in Windows, Unix, IBM i and Linux environments.
Under IBM MQ v5.3 and higher, MQA audits the following MQ API calls: MQCONN, MQCONNX, MQOPEN, MQGET, MQPUT, MQPUT1, MQINQ, MQSET, MQCLOSE, MQDISC, MQBACK, MQBEGIN and MQCMIT.
Under IBM MQ v18.104.22.168 and higher, MQA audits the above calls as well as the following calls: XASTART, XAEND, XAOPEN, XACLOSE, XACOMMIT, XACOMPLETE XAFORGET, XAPREPARE, XARECOVER, XAROLLBACK, AX_REG and AX_UNREG.
Under IBM MQ v7.0 and higher, MQA also audits the additional following MQ API calls: Message Properties, MQCALLBACK, MQCB, MQCTL, MQSTAT, MQSUB and MQSUBRQ.
MQA is designed to provide the user with all of the information of an MQ API call in "human readable" format. Human readable implies that it will convert binary fields into their MQ defined name (i.e. ObjType=MQOT_Q). It will convert Command Server / PCF messages into human readable messages. The user can control the fields that are outputted for each of the following MQ structures: MQCNO, MQOD, MQGMO, MQPMO and MQMD, (for v7: MQCBC, MQCBD, MQSTS and MQSD).
MQA handles the following MQ embedded message types: MQCIH, MQDH, MQDLH, MQIIH, MQRFH, MQRFH2, MQRMH, MQTM, MQWIH, MQXQH, MQHSAP, SMQBAD. The user can control the fields that are outputted for each of the MQ embedded messages.
MQA's default behavior is to log all MQ API calls by all applications (users). The user can define 3 types of filters: Applications, UserIDs and Queues.
- Applications means that MQ Auditor will log all MQ API calls whose application name matches the filter value.
- UserIDs means that MQ Auditor will log all MQ API calls whose UserID matches the filter value.
- Queues means that MQ Auditor will log all MQ API calls whose queue name matches the filter value.
MQA is designed to output 1 line per API call (1 long line). The output (audit) information is written to plain text CSV (Comma Separate Value) files. There are 2 Audit CSV file types: QMgr and Queue. Audit information for MQGET, MQPUT, MQPUT1, MQINQ and MQSET related to a queue is written to the Queue Audit file and audit information for all other calls is written to the QMgr Audit file.
The user can choose to have the output (audit) information written to a local or remote queue rather than to a file. From an MQA point of view, this is a very dangerous feature. The reason it is dangerous is that MQA audits / monitors all MQ API calls and for each call it generates audit data. If the audit data is written to a queue then this action can potentially cause an endless loop (MQA will audit itself, over and over again). Therefore, the "audit queue" is not audited / monitored nor is the transmit queue if remote queue is used. If the user is using a remote queue then it is strongly recommended that a separate channel and transmit queue be used so that the normal transmit queue can be audited / monitored. The user will need a program to read the messages from the 'audit queue' and write the information somewhere (i.e. database).
MQA can explicitly not write audit information for particular queues and it can explicitly not write information when MQ issues particular reason codes (i.e. 2033).
On IBM i, Linux, Unix and Windows, MQA can be configured and used with a non-default installation of MQ in a multi-install MQ environment.
Audit Queue Off Load
Audit Queue Off Load (AQOL) is a new companion application for MQ Auditor. The purpose of AQOL is to retrieve audit records from the audit queue and write the audit records to plain text CSV (Comma Separate Value) files. To use the new AQOL application, the user will activate the audit queue feature within MQ Auditor. Hence, all audit data will be written to the audit queue and will be processed by the new AQOL application. For an overview of MQA's AQOL, please see the blog posting here.
- MQA is available in 3 forms:
- Windows DLL
- Shared library for AIX, HP-UX, Linux and Solaris
- IBM i (OS/400) exit module
- MQA major features are:
- Audit / track all MQ API calls issued by an MQ application
- MQA is designed to provide the user with all of the information of an MQ API call in "human readable" format.
- Provides the audit files in an easy to manage CSV (Comma Separated Value) format
- The user can define 3 types of filters: Applications, UserIDs and Queues
- The user can select to have the CSV data written to a queue rather than a file
- The user can select to not have audit information written for particular reason codes
- The server-side API Exits are provided in the format of a native DLL / shared library and are currently available for AIX, HP-UX, iSeries (OS/400), Linux, Solaris and Windows. The pricing of Capitalware's MQ Auditor solution is on a 'per queue manager' basis.
|Operating System||MQ v7.0, v7.1, v7.5, v8.0, & v9.0|
|AIX v6.1, v7.1 or higher||64-bit|
|HP-UX IA64 v11.23 or higher||64-bit|
|IBM i v6.1, v7.1 or higher||64-bit|
|Linux on POWER||64-bit|
|Linux on System z (zSeries)||64-bit|
|Solaris SPARC v8, v9, v10 & v11||64-bit|
|Solaris x86_64 v10 & v11||64-bit|
|Windows 2003, 2008, 2012, Vista, 7, 8, 8.1 & 10||32-bit & 64-bit|
|Product||Price (USD) *||Ordering|
|MQ Auditor (per license**)||$299.00|
|Yearly maintenance and support fee||15%|
* Volume discounts available for as low as $229.00 USD per license plus 15% yearly maintenance and support fee.
** MQ Auditor is licensed on a per queue manager basis.
- Each licensed user will receive:
- Full version of MQ Auditor
- Free updates / upgrades to any version 2.x release.
- Email/ Help Desk support
|Enterprise License for MQ Auditor:|
|Enterprise License for MQ Auditor sells for $55,000 USD plus 15% yearly maintenance and support fee. An enterprise license will allow a company to have unlimited number of queue managers use MQ Auditor at an unlimited number of locations.|