TSSTRACK Utility › TSSTRACK Report Description

TSSTRACK Report Description

The examples below illustrate various ways that TSSTRACK can be used.

• Provide tracking information for all security events logged from 5 p.m. until the current time is reached. When the current time is reached, the TSSTRACK selection criteria/control options prompt is displayed. The display is to be positioned to the first event logged during this period and is to be scrolled forward only when the Enter key is pressed. Hardcopy of the display should be produced and routed to SYSOUT class A when TSSTRACK terminates.

  TIME(1700) SCROLL(NO) HARDCOPY
  

• Provide tracking information for all security violations logged in the last two days on System 033E. The display should be positioned to start with the first event logged during this period and should be scrolled forward only when the Enter key is pressed. No hardcopy is to be produced.

  DATE(‑2) SYSID(033E) EVENT(VIOL) SCROLL(NO)
  

• Provide tracking information for all TSO events logged from the current date and time until TSSTRACK terminates or alternate selection criteria are entered. The Audit/Tracking File should be examined every 60 seconds for new events.

  EVENT(ALL) FACILITY(TSO) INTERVAL(60)
  

TSSTRACK Report

The following fields are displayed in the output of TSSTRACK.

dd/mm/yy

Date on which tracked events shown occurred (line two of heading). Heading line 1 contains the current date and time to the right.

One‑character system identifier. Taken from the CPUs SMF‑ID on which the event occurred. See SIDCOL option.

An asterisk (*) in column 2 of the display line indicates a new event.

TIME

Time at which tracked event occurred.

VC

Accumulated violation count since start of session for ACID associated with tracked event.

JOB/USR

Name of batch job, started task, or user responsible for tracked event.

FFM

A one‑ or two‑character identifier for the facility (FF) and a one‑character identifier for the security mode (M) involved. Facility codes are:

• B=BATCH
• C=CICSPROD
• I=IMSPROD
• K=CICSTEST
• N=NCCF
• S=STC
• T=TSO
• V=VM
• X=IMSTEST
• Security modes are:
• D=DORMANT
• F=FAIL
• I=IMP
• W=WARN

ACIDNAME

Name of ACID associated with user or job responsible for tracked event.

RDR/TERM

JES reader or online terminal associated with tracked event.

DRC

Detailed error reason code or one of the following:

• OK-Incident was logged without violation
• OKA-Incident was audited without violation
• OKB-Incident was audited because of security bypass

Information about the detailed error reason code can be obtained by using the DRC selection criterion. An asterisk in column two of the display line indicates a new event.

R/ACCESS/A

Access level requested (R) and allowed (A). TSSTRACK attempts to find an exact match between the requested/allowed access level with the bit-map access level label supplied for the RDT definition of the requested resource. If no matching label is found, the binary access level is placed into the report, preceded by an asterisk. If a matching label is found, the first four characters of the RDT access-level label are reported, unless the access label is one of these standard access levels:

• ALOG=AUTOLOG
• ALTR=ALTER
• BRWS=BROWSE
• CREI=CREATEIN
• CRTB=CRETAB
• CRTE=CREATE
• CRTS=CRETS
• CTRL=CONTROL
• DELT=DELETE
• LOGN=LOGON
• IMGC=IMAGCOPY
• INDX=INDEX
• INSR=INSERT
• NSHR=NOSHR
• PKAD=PACKADM
• RCVR=RECOVDB
• SCRT=SCRATCH
• SLCT=SELECT
• SRGL=SURROGATE
• UPDT=UPDATE

SEC

Security driver identifier:

• ADA=DATABASE
• BLP=OPEN‑TAPE‑BLP
• CAT=CATALOG‑MANAGEMENT
• CRE=CREATE‑DSN
• DES=DATA‑ENCRYPTION
• EOV=OPEN‑EOV
• FAP=FETCH‑ACCESS‑PROTECTION
• FEV=FORCE‑EOV
• HSM=IBM/HSM
• INC=RACINITC
• INI=JOB/STC/SESSION START
• INY=RACINITY
• LCF=TRANSACTION
• LST=IMS/CICS‑INITIATION
• OPJ=OPEN‑TYPE‑J
• OPN=OPEN
• REN=RENAME‑DSN
• SCR=DELETE‑DSN
• SUB=SUBMIT
• TMS=TAPE‑MANAGEMENT
• TRM=JOB/STC/SESSION TERMINATION
• USS=UNIX SYSTEM SERVICES
• VSM=VSAM
• ??=HEXADECIMAL‑SVC‑NUMBER.

PROGRAM

Name of program in control when tracked event took place.

RES/CLS/NAME

A resource class code, followed by the resource name. The first four characters of the resource class are used as the resource class code, with the following exceptions:

• APCL=APPCLU
• APPL=APPL
• CCCM=CACCFMEM
• CCFD=CACCFDSN
• DBD =DBD
• DSN =DATASET
• DB2 =DB2
• D2BF=DB2BUFFP
• D2DB=DB2DBASE
• D2PL=DB2PLAN
• D2ST=DB2STOGP
• D2SY=DB2SYS
• D2TB=DB2TABLE
• D2TS=DB2TABSP
• FLD =FIELD
• PNL =PANEL
• SMSG=SMESSAGE
• SUB =ALT‑ACID
• TSOG=TSOPRFG
• TSOT=TSOAUTH
• TST =TST
• VOL =VOLUME
• VXFI=VXFILE
• VTAP=VTAMAPPL
• VXDV=VXDEVICE
• USRL=USERLOG
• WRTR=WRITER
• XACT=TRANSACTION

On an 80 character screen, *BELOW* appears in the RES/CLS/NAME column indicating that the remaining resource information is displayed in the next line.

ORIGINAL RESOURCE CLASS

Displays the original eight-character resource class before it was translated during the security check to the resource class displayed in the prior line. This line is displayed only:

• On a type=LONG audit report
• If a resource class translation has been performed