Keywords › MATCHLIM Keyword—Limit Audit Activity

MATCHLIM Keyword—Limit Audit Activity

Valid on z/OS.

Use the MATCHLIM keyword to limit the number of loggings generated because of resource or user auditing.

When added to an acid, this keyword has the following format:

TSS ADDTO(acid) AUDIT MATCHLIM 

When used with the AUDIT reserved ACID, this keyword has the following format:

TSS ADDTO(AUDIT) resclass(resname) MATCHLIM 

resclass

Specifies the class of the resource that will be added to the AUDIT reserved ACID.

name

Specifies the name of the resource that will be added to the AUDIT reserved ACID.

Notes:

• When adding MATCHLIM to an acid, the AUDIT attribute must be present. AUDIT can already be on the acid or specified on the same command.
• If MATCHLIM is specified for a volume resource in the AUDIT record, all datasets on that volume are subject to match limit processing. Each dataset is tracked separately and logging is discontinued only for datasets that reach the MATCHLIM value.
• Audit Match Limit processing only affects loggings that are generated because of the AUDIT attribute or the AUDIT record. All other loggings, including those that occur because of violations, bypass authorities, and exits, are not affected by Match Limit processing.
• If the match limit is reached for a resource or user, no more loggings are generated because of the AUDIT attribute/record. Loggings will resume if the MATCHLIM(CLEAR) modify command is issued. An IPL will also cause match limit processing to resume for all users and resources if the control option is set by the user or specified in the parm file.
• To permanently disable match limit processing for a user or resource, remove the MATCHLIM keyword from the specific acid or AUDIT record. To disable match limit processing for all auditing, set the MATCHLIM control option to 0.
• If AUDIT is removed from an acid, MATCHLIM is also removed.

For more information about the MATCHLIM control option, see the Control Options Guide.

This keyword is used with:

• The commands ADDTO, CREATE, and REMOVE
• The ACID types AUDIT, User, DCA, VCA, ZCA, LSCA, SCA, and MSCA
• ACID(AUDIT) authority to ADDTO or REMOVE the MATCHLIM attribute for ACIDs within their scope
• RESOURCE(AUDIT) admin authority when maintaining a record on the AUDIT reserved ACID

Examples: MATCHLIM keyword

• This example adds the AUDIT and MATCHLIM attribute to USER01. Any actions performed by USER01 are recorded in the Audit file until the match limit value is reached:

  TSS ADD(USER01) AUDIT MATCHLIM 
  

• This example removes the AUDIT and MATCHLIM attribute from USER01. MATCHLIM is automatically removed if AUDIT is removed:

  TSS REMOVE(USER01) AUDIT 
  

• This example removes the MATCHLIM attribute from USER01. Auditing continues without match limit processing:

  TSS REMOVE(USER01) MATCHLIM 
  

• This example allows activity for the specified resource to be audited until the match limit value is reached:

  TSS ADD(AUDIT) resclass(resname) MATCHLIM