This report uses the standard SYSPRINT, SYSIN, and REC(xxxxx) files. ACFRPTPP also uses the following files:
ACFRPTPP creates intermediate files identified by ddnames that begin with the characters SMF. You can use these files to collect any combination of SMF records you want. You can then use these files as input to sort procedures: CA ACF2 for z/VM report generators and user-developed programs. The following standard files are CA ACF2 for z/VM-defined:
|
DDName |
File Description |
|---|---|
|
SMFAR |
Rule database modification journal records. |
|
SMFCL |
CA ACF2 for z/VM command limiting journal records. |
|
SMFCR |
TSO command trace records. |
|
SMFCT |
CA ACF2 for z/VM ACFSERVE command limiting journal records. |
|
SMFDL |
CA ACF2 for z/VM DIRMAINT event log records. |
|
SMFDR1 |
Data set access logging records. |
|
SMFDR2 |
Data set access violation records. |
|
SMFDR3 |
Data set access trace records. |
|
SMFDR4 |
Program access violation and logging records. |
|
SMFDR5 |
Program pathing transition. |
|
SMFFER |
Infostorage database modification journal records. |
|
SMFFLT |
Flat file records for CA Earl™ processing. |
|
SMFGF |
Flat file records for CA ACF2 for z/VM/GRO processing (CA ACF2 for z/VM does not support CA ACF2 for z/VM/GRO) |
|
SMFJR |
Logonid database modification journal records. |
|
SMFMR |
Mandatory Access Control (MAC) journal records. |
|
SMFNR |
Environment records. |
|
SMFPR |
System entry violation records. |
|
SMFSR |
System Authorized Facility (SAF) trace event records. |
|
SMFTR |
Restricted logonid journal records. |
|
SMFVR |
Generalized Resource Facility (GRF) event journal records |
|
SMFZR |
DDB journal records. |
You can use one or more ddnames of the following formats to define additional files:
This ddname format lets you specify the number of the particular SMF record type to be extracted. The ddname includes a number ranging from 0 to 255 that identifies the selected record type.
This ddname format lets you collect from one to four CA ACF2 for z/VM SMF record subtypes in a single data set. Each suffix letter in the ddname can specify a valid CA ACF2 for z/VM SMF record subtype. Following are some example ddnames of this format with a description of the corresponding CA ACF2 for z/VM SMF record subtype:
SMF$W
CP command limiting
SMF$C
ACFSERVE command
SMF$CW
Both ACFSERVE command and CP command limiting.
This ddname format lets you completely specify the contents of the file of extracted records. You can use any combination of one to five characters (excluding $ or # as the first character) to generate a unique ddname. Any ddnames for standard CA ACF2 for z/VM-defined files (as listed in the above table) are reserved.
When using this ddname format, you must also specify the report parameter as shown below:
SMFxxxxx(nnn|x,...,nnn|x,"description")
This parameter defines the records the user-defined file collects.
To produce an SMF record output file, you must enter a CMS FILEDEF command for that file. If you do not define an SMF record output file through a FILEDEF command, ACFRPTPP only outputs the summary report. If you are going to use ACFRPTPS or the full screen facility to run the reports, the filetype you specify on the FILEDEF command should be in the yydddsss format.
Listed below are the parameters and their defaults used to generate the ACFRPTPP report.
This parameter specifies the Julian date you are using as an ending point for selecting information.
c
0 to indicate the 20th century or 1 to indicate the 21st century.
yy
The year.
ddd
The day of the year.
When combined with the SDATE parameter, this parameter creates a window for report content. The defaults for SDATE and EDATE processes all available records. The default is 169365, December 31, 2069.
This parameter specifies the end of the time interval for selecting SMF records. This time is based on a 24-hour clock. Any SMF records generated after the specified time of day are ignored. The default is 2359.
This parameter prints selected SMF records in hexadecimal dump format. This option is provided primarily for diagnostic purposes.
If a report generates a hex dump of an SMF record, the dumped record shows a four-byte RDW (two bytes for the record length, followed by two bytes of binary zeros). This is true even when the input file does not have a RDW. This is the internal format of every SMF record that matches the SMF mapping macros. It provides a consistent format for the dump. This information applies to records dumped due to an error in the SMF record and when you specify HEX.
Specify the job name to limit records appearing on this report to those pertaining to the job or jobs indicated by the job name or job name mask. You must use commas or blanks to separate multiple job names. The default is all jobs.
This parameter specifies the number of output lines printed on a page. CA ACF2 for z/VM report generators that issue multiple line reports check whether a complete report item fits on a page to prevent splitting the information. Only the physical constraints of the output media you are using limits the maximum number of output lines per page. The default is 60.
This parameter limits selected records to the logonid or logonids that match the logonid mask. This parameter can produce the full set of CA ACF2 for z/VM reports for an individual logonid or a set of logonids.
This parameter specifies the Julian date you are using as a starting point for selecting information.
c
0 to indicate the 20th century or 1 to indicate the 21st century.
yy
The year.
ddd
The day of the year.
The report generator ignores any input SMF records generated before the SDATE value. The default is 000000.
This parameter defines the SMF record number for CA ACF2 for z/VM combined SMF records. Generally, this parameter is not necessary because the default SMF numbers are usually correct.
If you are processing z/OS SMF data and use the default combined SMF record number for other types of SMF records on the z/OS system, you must specify the correct SMF number in this parameter.
This parameter defines the record number of the SMF records the CA ACF2 for z/VM report generators use. Use commas or spaces to separate multiple record numbers in any single parameter. The following table shows each parameter name, default SMF record number (as defined in the ACFFDR @SMF macro), and record description:
|
Parameter Name |
SMF Record Number |
Record Description |
|---|---|---|
|
SMFAR |
230-R |
Access rule database modification journal |
|
SMFCT |
230-W |
Command limiting journal record |
|
SMFCR |
230-T |
TSO command trace record |
|
SMFCT |
230-C |
ACFSERVE command journal record |
|
SMFDL |
230-U |
DIRMAINT event log record |
|
SMFDR |
230-D |
Data set access event journal record |
|
SMFER |
230-E |
Infostorage modification journal record |
|
SMFFLT |
230-D 230-L 230-P 230-R 230-V |
Flat file records for CA Earl™ processing |
|
SMFGF |
230-D 230-P 230-V |
Flat file records for CA ACF2 for z/VM/GRO processing |
|
SMFJR |
230-L |
Logonid database modification journal record |
|
SMFPR |
230-P |
System entry violation journal record |
|
SMFTR |
230-J |
Restricted logonid trace record |
|
SMFVR |
230-V |
Resource event journal record |
|
SMFNR |
0, 7 230-A 230-G |
CA ACF2 for z/VM environment record |
For the previous parameters, you can specify the name with the characters SMF omitted, for example, AR(230).
The ACFFDR @SMF macro defines the default SMF record number for each CA ACF2 for z/VM record type.
This parameter defines the record number or numbers for CA ACF2 for z/VM SMF record types written by all releases of CA ACF2 for z/VM Security for z/OS. For example, SMF$R(223,230) defines the record number for Rule database modification records any CA ACF2 for z/VM release produces. This parameter is equivalent to specifying the SMFAR(223,230) parameter.
You must use commas or spaces to separate multiple record numbers in this parameter. You can omit the character SMF from the name of this parameter.
To specify combined record numbers, use the SELECT parameter instead of this parameter. The SELECT parameter lets you define the combined record number for several CA ACF2 for z/VM record types simultaneously.
This parameter defines the contents of an intermediate output file with a ddname format of SMFxxxxx. The value of xxxxx corresponds with the last one to five characters of the ddname. For example, this parameter would be SMFTEST if the corresponding ddname of the file is SMFTEST. The numbers or letter codes appear in parentheses (separated by commas or spaces) that define which SMF record types are collected in the intermediate file. For example, SMFTEST(C,R,”TEST FILE”) specifies a file of ACFSERVE command logging and Rule database modification records. This description can be up to 16 characters long.
You can substitute any pair of delimiting characters for the double quotes surrounding the file description. The second delimiter marks the end of the description. As an example, SMFTEST(C,R,”TEST” FILE) creates a description of TEST on the ACFRPTPP summary report. ACFRPTPP ignores the rest of the characters (FILE) and considers them a comment. If you omit the second delimiter, ACFRPTPP considers the delimiter placed just before the closing parenthesis. Always code single quotes in pairs (always code a closing quote).
You can omit the characters SMF from this parameter name (for example, TEST(C,R,”SHORT FORM”)).
This parameter specifies the beginning of the time interval for selecting SMF records. This time is based on a 24-hour clock. Any SMF records generated before the specified time of day are ignored. The record selection begins at the STIME specified for each date in the SDATE/EDATE range and ends on each date at the ETIME you specified. The default is 0000.
This parameter specifies the CA ACF2 for z/VM system ID that was active on the system when the SMF records were generated. You can specify a single system ID or a system ID mask. You cannot specify multiple masks or a series of IDs. The default is all systems.
This parameter specifies a character string that is added to the other title information at the top of the report. This character string can be up to 35 characters long. If you do not specify this parameter, the report generator uses the first 35 characters in the command parameters. If this character string is longer than 35 characters, it uses the first 35 characters.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|