Previous Topic: SECCACHE—Security Record CacheNext Topic: SHRFILE—Share Files

Specific Control OptionsSECTRACE—Security Trace

SECTRACE—Security Trace

Valid on z/OS and z/VM.

Use the SECTRACE control option to activate a diagnostic security trace on the activities of all defined users or of specific users.

All entry methods are accepted.

This control option has the following format:

SECTRACE(WTO|WTL|OFF)|(ACT,WTO|WTL)|(ON)
WTO

Activates the trace, and routes messages to the master console for all users and events.

WTL

Activates the trace and routes messages to the SYSLOG (system log). Use with the ACT operand.

ON

Activates global trace.

OFF

(Default, as long as a command is not specified in the PARMLIB) Deactivates diagnostic tracing. OFF is only used as a default when a command is not specified in the PARMLIB.

ACT

Activates the trace for users that have the TRACE attribute attached to their ACIDs. ACT must be specified with WTL or WTO in this format:

SECTRACE(ACT,WTL|WTO)

Destinations of Trace Messages

In TSO, trace information always goes to both the terminal and SYSLOG.

The following operands indicate the possible destinations of the trace messages:

WTO

To the master console

WTL

To SYSLOG

The SECTRACE control option is usually issued at the request of Technical Support.

TRACE messages use the following prefixes:

TSS‑I

For initiations.

TSS‑E

For terminations.

TSS‑C

Access validation done through RACHECK.

TSS‑D

Access validation done through RACDEF

TSS‑F

Access validation done through FRACHECK.

TSS‑T

TSS command.

TSS‑V

JES Early Verify Password support.