You can use SECTRACE to trace SAF requests made by OMVS. The only allowable value for the DEST= parameter of the TYPE=OMVS SECTRACE command is DEST=SYSLOG.
Note: Only use the OMVS SECTRACE when instructed to by CA Top Secret Technical Support due to the large volume of trace entries possible in the OMVS environment. It is usually easier to debug an OMVS problem using the TSSOERPT report, because it shows more information than the trace. All of the OMVS services write SMF records when the service returns with a non‑zero return code.
To start SECTRACE for OMVS, enter:
ST SET,ID=xxxx,TYPE=OMVS,FUNC=ALL,END
xxxx can be:
Traces all OMVS services.
Traces R_chown, R‑chaudit, and R_cmod.
Traces ck_access, ck_priv, ck_process_owner, ck_file_owner, R_ptrace, ck_IPC_access, ck_owner_two_files, R_IPC_ctl, and R_dceauth.
Traces getUMAP, getGMAP, R_getgroups, R_getgroupsbyname, get_uid_gid_supgrps, R_dceinfo, R_dcekey, R_dceuid, and R_usermap.
Traces initACEE, initUSP, deleteUSP, and R_fork.
Traces makeFSP, makeISP, and make_root_FSP.
Traces audit, query_file_security_options, and query_system_security_options.
Traces R_umask, R_setegid, R_seteuid, R_setgid, R_setuid, R_exec, clear_setid, and R_admin.
To stop the SECTRACE for OMVS, enter:
ST DISABLE,ID=xxxx,END
To restart a disabled trace, enter:
ST ENABLE,ID=xxxx,END
xxxx is the identifier assigned to the SECTRACE
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|