Specific Control Options › ETROPTS—Events Sent

ETROPTS—Events Sent

Valid on z/OS.

Use ETROPTS to control which events the Monitor sends to the CA Audit product.

All entry methods are accepted.

This control option has the following format:

ETROPTS(ADD|REM,VIO,LOG,START,INIT,USS,CMDADM,CONTROL)

ADD

Indicates that a new category of events are added to the current list of events.

REM

Indicates that a category of events are removed from the current list.

VIO

Transmits security violation events to CA Audit. This includes initiations and resource access violations.

LOG

Sends Audited events to CA Audit.

START

Sends CA Top Secret startup and termination events to CA Audit.

INIT

Sends successful initiations and terminations (signon/signoff) to CA Audit.

USS

Indicates that all USS activity logged to ATF/SMF is sent to CA Audit. You can also specify the calls:

• INITUSP for initUSP
• DELUSP for deleteUSP
• CHKACC for ck_access
• SETUID for R_setuid
• SETEUID for R_seteuid
• SETGID for R_setgid
• SETEGID for R_setegid
• CHOWN for R_chown
• CHMOD for R_chmod
• RAUDIT for R_chaudit
• CHAUD for R_audit
• INITAC for initACEE
• SETFACLfor R_setfacl
• AUDITX for R_auditx

The maximum number of characters for each command is 80. If more characters are needed, another MODIFY command is required.

CMDADM

Sends TSS administrative commands (successes and failures) to CA Audit.

CONTROL

Sends control options changed from the console (F TSS,…) and from TSO (TSS MODIFY(…)) to CA Audit.

Examples: ETROPTS control option

This example adds successful initiations/terminations and administrative commands to the current list of events sent to CA Audit:

F TSS,ETROPTS(ADD,INIT,CMDAMD)

This example specifies that the R_chown and R_chmod USS calls are sent to CA Audit:

TSS MODIFY(ETROPTS(ADD,USS(CHOWN,CHMOD)))