The audit/tracking file is an online file that records security incidents in place of, or in addition to, SMF. The audit/tracking file provides administrators and auditors with a current, online record of system security activity from all CPUs.
We recommend that you use the audit/tracking file instead of SMF because of the following factors:
The audit/tracking file is a wraparound file; when the file is full, recording continues at the beginning of the file, overlaying existing data. Optionally, you may use two audit/tracking files. When the first audit/tracking file is full, CA Top Secret automatically switches to the alternate audit/tracking file. When the alternate audit/tracking file is full, recording continues at the beginning of the first audit/tracking file, overlaying existing data.
Note the following audit/tracking file behaviors:
Follow these steps:
The member includes your site-specific values.
Requests audit/tracking file initialization.
Specifies the number of blocks to be used for the audit/tracking file.
Specifies the blocksize for the audit/tracking file. The BLOCKSIZE input parameter must be identical to the BLKSIZE JCL parameter of CAKOJCL0(TSSMAINA) when submitted. If you use both a primary and alternate audit/tracking file, the BLOCKSIZE must be identical in both files.
General Value: A multiple of 256 between 512 and 32512
3390 DASD Value: A multiple of 256 between 512 and 27648
Distinguishes one audit/tracking file from the other when using alternating audit/tracking files. You can only specify one of the following values. No other values will be accepted. For the:
The JCL parameters are edited.
The alternate audit/tracking file is updated.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|