This report uses the standard SYSPRINT, SYSIN, and RECxxxxx files. See Common Files in “The Reports” chapter for information about these files.
The Dataset Event Log also uses the following file:
This optional file contains the ACFRPTDS dump report that shows invalid SMF records in HEXDUMP format. The dump report and the report output file (SYSPRINT) are cross‑referenced by dump numbers. To use the dump report, you must use a CMS FILEDEF command to specify this file before running the report.
This file has the same characteristics as the SYSPRINT file. Do not assign both HEXDUMP and SYSPRINT to the TERMINAL or PRINTER devices. This interweaves the output of both reports, causing confusion. If you specify DISK as the output device for both reports, be sure you specify different file IDs.
If the report generator finds a FILEDEF for HEXDUMP with a device of DISK that has the FILEDEF commands default file ID of HEXDUMP FILE A, it assigns a file ID of ACFRPTDS HEXDUMP A to the file.
If the output device is PRINTER, the output file is assigned a filename and filetype of ACFRPTDS HEXDUMP.
The ACFRPTS utility does not issue a FILEDEF command for this file. You can enter one before starting the utility.
See Running the Reports in “The Reports” chapter for information about running this report manually.
Follow the instructions listed in Running Reports Using the ACFRPTS EXEC in “The Reports” chapter to use the ACFRPTS utility to run the Dataset Event Log. Select the DS option.
Listed below are the parameters and their defaults used to generate the DS report manually and using ACFRPTS.
These parameters specify which types of records this report will format. You can specify any combination of these parameters. If you do not specify a parameter, ALL (the default) takes effect. These parameters operate in an inclusive OR manner. For example, if you specify PGMNAME and VIO, the report details every access to a protected program and every data access that resulted in a CA ACF2 for z/VM access control violation.
ALL
Formats information for all journaled accesses. However, if you specify the MASK parameter, the report does not contain program records.
INSTALL
Formats user records that were created whenever any of the CA ACF2 for z/VM data set validation user exits (VIOEXIT, DSNGEN, and VLDEXIT) requested the access be journaled to SMF.
LOGGING
Formats all records produced for accesses that CA ACF2 for z/VM allowed but the access rule requested a journal record. CA ACF2 for z/VM also issues logging records when the access was allowed through a user's SECURITY, NON‑CNCL, or READALL privilege. These privileges can override an access rule recommendation.
PGMNAME
Formats logging or violation records written for attempts to access data through protected or logged programs. Also displays all trace records written for access attempts made through any program.
TAPE
Formats records written for tape access requests validated on the volume level (as opposed to tape access requests validated at the data set name level). Validation on the volume level occurs when the volser was specified on the secured volume list or the DSNGEN user exit was taken.
TRACE
Formats records produced for a user with the TRACE attribute specified in their logonid record. CA ACF2 for z/VM writes trace records regardless of whether access was denied or logged. KEYLOOP and KEYEXEC trace records are always produced when that condition occurs, regardless of the TRACE attribute.
UNKNOWN
Formats unknown type records issued when CA ACF2 for z/VM data set access validation SVC detected an error condition, such as an invalid parameter list. These records indicate an access attempt for which CA ACF2 for z/VM could not make a proper determination. In this case, the access was aborted and the UNKNOWN type record (INVPARMS) was produced. The report output contains whatever information CA ACF2 for z/VM could determine, but may contain invalid data and be printed in hexadecimal notation.
VIOLATIO
Formats records produced because of an attempted violation of access controls.
The SHORT parameter prints only the cross‑reference table. The cross‑reference table provides a listing of data set prefixes and the logonids that accessed data sets with that prefix, showing the access counts. The DETAIL parameter (the default) prints all detailed information.
This parameter specifies the Julian date you are using as an ending point for selecting information.
c
0 to indicate the 20th century or 1 to indicate the 21st century.
yy
The year.
ddd
The day of the year.
When combined with the SDATE parameter, this parameter creates a window for report content. The defaults for SDATE and EDATE causes the report generator to process all available records. The default is 169365, December 31, 2069.
This parameter specifies the end of the time interval for selecting SMF records. This time is based on a 24‑hour clock. Any SMF records generated after the specified time of day are ignored. The default is 2359.
This parameter further defines the default terminal report format. EXTEND displays the maximum information from a record. NOEXTEND displays a consistent four‑line format for the report.
This parameter selects SMF records printed in hexadecimal dump format. This option is provided primarily for diagnostic purposes.
If a report generates a hex dump of an SMF record, the dumped record shows a four‑byte RDW (two bytes for the record length followed by two‑bytes of binary zeros). This is true even when the input file does not have a RDW. This is the internal format of every SMF record that matches the SMF mapping macros. It provides a consistent format for the dump. This information applies to records dumped due to an error in the SMF record and when you specify HEX.
This parameter specifies the job name to limit records appearing on this report to those pertaining to the job or jobs indicated by the job name or job name mask. You must use commas or blanks to separate multiple job names. The default is all jobs. In VM, this is equal to the virtual machine user ID.
This parameter lets you request information for a particular logonid or group of logonids. The default requests information for all logonids that had an access journaled.
This parameter specifies the number of output lines printed on a page. CA ACF2 for z/VM report generators that issue multiple line reports check whether a complete report item will fit on a page to prevent splitting the information. Only by the physical constraints of the output media you are using limits the maximum number of output lines per page. The default is 60.
This parameter lets you request information for a particular data set or group of data sets. This function is useful when you are investigating access to a particular user's data. For example, to format a report for the SYS1 data set loggings, specify MASK(SYS1.‑). The default is all data sets.
This parameter lets you exclude information pertaining to a certain logonid or group of logonids. For example, specify NLIDMASK(PAY‑) to exclude any information pertaining to the logonids that begin with the letters PAY. This parameter overrides the LIDMASK parameter.
This parameter lets you exclude information pertaining to a certain data set or group of data sets. For example, specify NMASK(SYS1.‑) to exclude any information pertaining to the SYS1 data sets. This parameter overrides the MASK parameter.
This parameter specifies the Julian date you are using as a starting point for selecting information.
c
0 to indicate the 20th century or 1 to indicate the 21st century.
yy
The year.
The day of the year.
The report generator ignores any input SMF records generated before the SDATE value. The default is 000000.
This parameter defines the SMF record number CA ACF2 for z/VM uses. Generally, this parameter is not necessary because the default SMF numbers are usually correct. The SMF record numbers required for a report are the combined SMF record number for every system that produced the SMF data and the precombined SMF record numbers for the CA ACF2 for z/VM SMF record type the report generator processes. Do not specify precombined SMF record numbers for CA ACF2 for z/VM SMF record types that this report does not process.
If this parameter enters any SMF record number, the report generator only processes those SMF records. It does not use the defaults.
Default SMF numbers are determined in the following manner:
If you are processing z/OS SMF data and use the default SMF record numbers for other types of SMF records on the z/OS system, you must specify the correct SMF number in this parameter.
When processing CA ACF2 for z/VM SMF data on VM, you must specify this parameter if you are running reports during a NOAUTO IPL and you are not the NOAUTO UPDATE user and the SMF record numbers are not the same as the defaults. You also need to specify this parameter if the @SMF macro in the ACFFDR specifies incorrect SMF record numbers.
This parameter defines the number of elements permitted at the end of the report in the data set prefix/logonid cross‑reference table. The report builds a cross‑reference entry for each data set prefix to logonid combination. Each element in this table is 20 bytes long, therefore, the table takes 20 times the number of SIZE bytes of memory. The default table size occupies 50,000 bytes (49K) of memory.
This parameter specifies the beginning of the time interval for selecting SMF records. This time is based on a 24‑hour clock. Any SMF records generated before the specified time of day are ignored. The record selection begins at the STIME specified for each date in the SDATE/EDATE range and ends on each date at the ETIME you specified. The default is 0000.
Specify the CA ACF2 for z/VM system ID that was active on the system when the SMF records were generated. You can specify a single system ID or a system ID mask. You cannot specify multiple masks or a series of IDs. The default is all systems.
Specify the output format. You can specify only one of these parameters per report. If you do not specify one, CA ACF2 for z/VM uses TERMINAL (the default).
PRINTER
Displays a three‑line detail section for each record (133 characters per line). If you process TRACE records, the detail section contains three to five lines.
SUMMARY
Displays a one‑line detail section for each record (133 characters per line). Each detail section contains minimal information about the accessed data set and the user involved.
TERMINAL
Displays a five‑line detail section for each record. This format is suitable for a limited display screen. You can produce an optional four‑line report by using the NOEXTEND parameter. This format usually fits on an 80‑character screen width with an occasional wrap around due to long data set names. If you process TRACE records, the number of lines per logging record ranges from six to 12.
This parameter specifies a character string that is added to the other title information at the top of the report. This character string can be up to 35 characters long. If you do not specify this parameter, the report generator uses the first 35 characters in the command parameters. If this character string is longer than 35 characters, it uses the first 35 characters. If you use ACFRPTS or the full‑screen feature, you cannot specify command parameters.
This parameter specifies the UID mask the report pertains to. Dash (‑) is the default, reporting on all UIDs.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|