DIAGTRAP—Produce Diagnostic Dump

Specific Control Options › DIAGTRAP—Produce Diagnostic Dump

DIAGTRAP—Produce Diagnostic Dump

Valid on z/OS.

Use the DIAGTRAP control option to produce a diagnostic dump, based on limitations of ACID, JOBNAME, RESCLASS, and Detailed Reason Code. This is the CA Top Secret equivalent to O/S SLIP.

Apart from '*' by itself, the DIAGTRAP control option does not support masking. Specify the exact ACID, resource class, or jobname.

Use this control option only under the direction of CA Top Secret Support.

All entry methods are accepted.

This control option has the following format:

DIAGTRAP(id,enable_swtich[,trap_type,acid,drc,resclass,job,matchlim])
DIATRAP(id,OFF)
DIAGTRAP(id,DEL)
DIAGTRAP(ALL,DEL)

id

Specify an ID. “All” is also a valid id as long as it is followed by “,Del” to indicate deleting all of the Diagtraps in the table. If no ID is specified while adding an entry, an error message is issued.

Range: 1 to 10

enable_switch

Enable or disable the given id. Valid values are:

On—Enable the diagtrapid entry.
Off—Disable the diagtrapid entry while keeping its information.
Del—Delete the entry.

Note: The enable and the id are the only entries required for turning an ID off.

trap_type

Activates the trap in a particular location. This field must be entered and there is no default. A “)” can be entered any time after the trap to indicate defaults are to be taken for remaining fields. Valid traps are:

KER—Trap within security kernel (TSSKERNL)
SFS—CA Top Secret Security File services debugging
SF1—CA Top Secret Security File services debugging for GETAR.
SF2—CA Top Secret Security File services debugging for UPDATE

IF SF1 or SF2 is set, SFS is also set.

DBG—Interactive TSO or console debugging (online)
DB1—Diagnostic location‑1
DB2—Diagnostic location‑2

Important! Initially, when an entry is created, the trap_type is a required parameter in the DIAGTRAP syntax.

acid

The ACID entered as a parameter to be matched for producing a dump.

Default: Any User id (*).

drc

The Detailed Reason Code that must be produced to trigger the dump.

Default: Any violation (255).

resclass

Tests the resource class name.

Default: Any (*).

job

Specifies the job name of the job or started task to be monitored. The restrictions on acid, drc, resclass, and job are combined to trigger the DIAGTRAP: all conditions listed must be simultaneously present for the dump to be triggered.

Default: Any (*).

matchlim

Sets the maximum number of dumps to be taken.

Range: 1 to 255

Default: 1

Examples: DIAGTRAP control option

This example triggers a diagnostic dump when ACID DUMPE01 is executing JOB DUMPE01A, and a security error with detailed reason code 075 occurs during a check for an OTRAN resource, while CA Top Secret is executing modules in the TSS Kernel. The command assigns this diagtrap an id of 1, and remains active through a maximum of 2 occurrences where these conditions are detected:

TSS MODIFY(DIAGTRAP(1,ON,KER,DUMPE01,075,OTRAN,DUMPE01A,2))

This example checks for a Security File Services (SFS) error of any kind while processing user EXAMP01. The diagtrap is assigned an id of 7, and will remain active until such an error is detected once.

TSS MODIFY(DIAGTRAP(7,ON,SFS,EXAMP01,255,*,*,1)

This example sets Kernel diagtrap #6 to check any job for any acid against any non‑zero DRC in any resource and also sets the match limit to 1:

TSS MODIFY(DIAGTRAP(6,ON,KER))

This example turns DIAGTRAP number 3 off (as long as number 3 is active):

TSS MODIFY(DIAGTRAP(3,OFF))

This example deletes diagtrap number one:

TSS MODIFY(DIAGTRAP(1,DEL))

This example sets Diagtrap #5 to check against a successful validation (DRC=0) for any ACID executing job DUMPE01A with resource OTRAN. The matchlim defaults to 1:

TSS MODIFY(DIAGTRAP(5,ON,KER,*,0,OTRAN,DUMPE01A)

This example deletes all of the existing diagtraps (whether set “on” or “off”):

TSS MODIFY(DIAGTRAP(ALL,DEL))