Specific Control Options › LOG—Control Event Logging

LOG—Control Event Logging

Valid on z/OS and z/VM.

Use the LOG control option to perform the following activities:

• Identify the types of events that CA Top Secret logs.
• Specify whether events are logged onto the ATF (Audit Tracking File) and SMF (System Management Facility) files.
• Specify whether to display violation messages.

The LOG option affects all facilities. A global LOG command can be overridden by a LOG operand that you enter as a suboption for a specific facility.

All entry methods are accepted.

This control option has the following format:

LOG(ACTIVITY,ACCESS,SMF,SEC9,INIT,MSG)|(NONE)|(ALL)

ACTIVITY

Logs all activity for all facilities. This specification is the same as the following specification:

LOG(ACCESS,INIT)

SMF

Writes events to the SMF file in addition to the ATF.

ACCESS

Logs all resource access, except for the following access:

• DBD
• FCT
• JCT
• LCF
• OTRAN
• PPT
• PROGRAM
• PSB

SEC9

Routes the following violation summary messages to the security console through route code 9:

• TSS7100E
• TSS7220E
• TSS7200E
• TSS7250E

INIT

Logs all job/session initiations and terminations.

MSG

Displays violation messages for batch jobs, started tasks, or at the online user's terminal.

For users in FAIL mode, violation messages always appear, regardless of the MSG setting. Password violations also appear.

ALL

Selects all log options for all facilities.

NONE

Deactivates all SMF and ATF logging, except for violations and audited events, which continue being written to the ATF.

If the user facility is in DORMANT mode, no logging takes place unless the permitted resource is specified with ACTION(FAIL).

The default is LOG(SMF, INIT, SEC9, MSG).

More information:

FACILITY—System Facility Processing

Type 80 Format

CA Top Secret uses SMF type 80 format records. A DSECT (Dummy Control Section) for these records is documented in the installation exit (TSSINSTX) source code.

LOG(ACCESS), LOG(ACTIVITY), and LOG(ALL) are primarily diagnostic tools for Technical Support people. Because each option produces a large number of records, dumping such a large volume of records on the Audit/Tracking File, might cause excessive wrapping of the File, which, in turn, means you need a larger File. In short, limit your use of these three options.

Important! A LOG option issued after the startup of CA Top Secret resets not only the global LOG options, but also the LOG setting of every facility.

Protection of Option

The LOG option is protected by the operator accountability feature. CA Top Secret will prompt the person entering the command for the proper ACID/password combination before processing the LOG option. CA Top Secret will also create an audit trail identifying the ACID under which the LOG specification was made.

Recording Violations

If the AUDIT DD‑statement is entered into the CA Top Secret started task procedure, then the recording of violations into the ATF will always occur. Violations are always written to available files. Violation recording cannot be prevented (in all modes except DORMANT), even if LOG(NONE) is entered. See DRC and MSG for instructions on how to tailor and/or suppress violation messages.

Use of Report Utilities

An important prerequisite to the reporting and tracking of security events is the correct specification of log options. TSSUTIL and TSSTRACK can be used to build reports, but only based on data that is stored in the SMF and ATF. For information, see the Report and Tracking Guide.