Previous Topic: Log Stream Naming ConventionsNext Topic: View Log Stream Online for Audit Events

Starting Your ProductHow to Configure Without CA CSMDefine Log Streams (INST0040 - INST0046)Step 1: Define a Log Stream for Audit Events (INST0040)

Step 1: Define a Log Stream for Audit Events (INST0040)

This step defines a set of log streams to contain historical audit event data records.

A unique log stream must be created for each audit event data record that has been defined on each system.

Note: The parmlib members for specifying log stream names are located in the sysview.CNM4BPRM data set.

Follow these steps:

  1. Specify the log stream as shown in the example that follows this procedure.
  2. Specify the name of the defined log stream in the following parmlib members:
    AUDIT
    LOGSTREAM-AUDIT-NAME   logstream.name

    If the audit logging function is not going to be used or the log stream has not been defined, set the following options:

    LOGSTREAM-AUDIT-NAME   NONE
    LGLOOKUP
    Sysname  Logname......LogStream-Name
sysname  AUDIT        logstream.name
  3. Submit the INST0040 job.

The log stream for the historical audit event data records is defined, and the contents of the log stream can be viewed online.

Example: Define a DASD-Only Audit Log Stream.

This example defines a DASD-only audit log stream for collecting historical audit event data records: 

DATA TYPE(LOGR) REPORT(NO)
DEFINE LOGSTREAM
       NAME(GSVX130.AUDIT.ADTT.smfi)
       AUTODELETE(YES)
       DASDONLY(YES)
       DESCRIPTION(AUDIT_LOG)
       DIAG(NO)
       EHLQ(LOGGER)
       HIGHOFFLOAD(70)
       LOWOFFLOAD(0)
       LS_SIZE(5000)
       MAXBUFSIZE(32767)
       MODEL(NO)
       OFFLOADRECALL(YES)
       RETPD(7)
       STG_SIZE(3500)