Hello Paul,
this message would probably not help very much. People quite often restore
files from one machine to a different one. This is possible if you know
nodename and password and can be done without access as administrator.
What I would like to get is a clear indication that someone accessed data
using an administrator id.
Best regards
Gerhard

---
Gerhard Rentschler            email:g.rentschler AT rus.uni-stuttgart DOT de
Regional Computing Center     tel.   ++49/711/685 5806
University of Stuttgart       fax:   ++49/711/682357
Allmandring 30a
D 70550
Stuttgart
Germany



> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf Of
> Baines, Paul
> Sent: Friday, March 28, 2003 12:28 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Client login with admin id and password
>
>
> I just noticed this information message in TSM server 5.1.6.1: ANR1639I.
> This seems to be an indication that a nodes IP address has
> changed. Look at
> the last three fields in a q node xxxx f=d. This message could
> then be sent
> to your monitoring software or you could run a daily script against the
> actlog table to search for it, then you have a list of any client
> connections that could be possible security breaches. I haven't
> tested this,
> just noticed it this second, but it looks like a nice feature.
>