Running CA Auditor › EXAMMON Address Space

EXAMMON Address Space

The z/OS UNIX analysis, baseline historical analysis, and SMF log stream features require EXAMMON. The EXAMMON procedure starts the long-running EXAMMON address space.

Note: The EXAMMON address space must run with TIME=1440 specified to prevent inadvertent time-outs.

Traveling license users should consider that EXAMMON allocates 1 KB of subpool=241 key=zero ECSA storage, which remains allocated for the duration of the IPL.

To run EXAMMON:

• The CAEXAMIN resource class must be defined to your access control software. See your security administrator to define this resource.
• The EXAMMON address space callers must be authorized.
• The TSO user running CA Auditor must have read access to the SAF resource.
• The EXAMMON address space requires a user ID configured for each ESM to run under.

Note: If the EXAMMON address space is shut down while another address space connected to it, message: IEF352I ADDRESS SPACE UNAVAILABLE is displayed. No action is required.

Follow these steps:

1. APF-authorize the CA Auditor execution load library:
   • AUD.EXAMINE.LOAD (non-SMP/E installations)
   • AUD.PRODHLQ.CAJ0L0AD (SMP/E installations)
2. Open the EXAMMON procedure supplied:
   • AUD.EXAMINE.PROCS library (non-SMP/E installations)
   • prefix.PRODHLQ.CAJ0PROC library (SMP/E installations)
3. Customize the EXAMMON procedure:
   1. Define a user ID that the EXAMMON procedure will run under.
   2. Modify the STEPLIB DD statement to refer to the appropriate data set containing the authorized CA Auditor load modules (typically PRODHLQ.CAJ0LOAD).
4. Configure the user ID for each ESM.
5. Add EXAMMON to an appropriate system procedure library (for example, SYS1.PROCLIB).