Previous Topic: Multiple CPUsNext Topic: Create Alternate Audit/Tracking File


Create the Audit/Tracking File

The audit/tracking file is an online file that records security incidents in place of, or in addition to, SMF. The audit/tracking file provides administrators and auditors with a current, online record of system security activity from all CPUs.

We recommend that you use the audit/tracking file instead of SMF because of the following factors:

The audit/tracking file is a wraparound file; when the file is full, recording continues at the beginning of the file, overlaying existing data. Optionally, you may use two audit/tracking files. When the first audit/tracking file is full, CA Top Secret automatically switches to the alternate audit/tracking file. When the alternate audit/tracking file is full, recording continues at the beginning of the first audit/tracking file, overlaying existing data.

Note the following audit/tracking file behaviors:

Follow these steps:

  1. Edit CAKOJCL0 member TSSMAINA to conform to your site's standards.

    The member includes your site-specific values.

  2. Edit the JCL parameters one per line, starting in column 1:
    CREATE AUDIT

    Requests audit/tracking file initialization.

    BLOCKS=????

    Specifies the number of blocks to be used for the audit/tracking file.

    BLOCKSIZE=?????

    Specifies the blocksize for the audit/tracking file. The BLOCKSIZE input parameter must be identical to the BLKSIZE JCL parameter of CAKOJCL0(TSSMAINA) when submitted. If you use both a primary and alternate audit/tracking file, the BLOCKSIZE must be identical in both files.

    General Value: A multiple of 256 between 512 and 32512

    3390 DASD Value: A multiple of 256 between 512 and 27648

    ID=AUDIT

    Distinguishes one audit/tracking file from the other when using alternating audit/tracking files. You can only specify one of the following values. No other values will be accepted. For the:

    • First audit/tracking file use: ID=AUDIT.
    • Alternate audit/tracking file use: ID=AUDIT2.

    The JCL parameters are edited.

  3. (Optional) If you are using an alternate audit/tracking file, code a DDNAME of AUDIT2 in the CA Top Secret STC procedure.

    The alternate audit/tracking file is updated.

More Information:

CA Top Secret Health Checks