This section contains the following topics:
Input and Output Files for SAF Trace Report Generator
SMF Input Records for SAF Trace Report Generator
The batch utility program, TSSRPTST, processes and displays the output that was sent to SMF by the SAF SECTRACE command.
To run the TSSRPTST report, you must have already run the SAF SECTRACE operator command and set the output destination to SMF. With few exceptions, CA Top Secret processes all MVS SAF security requests by default. The SAF Trace report enables you to display the monitored RACROUTE parameter list passed by requests for SAF services. This report also displays additional environmental information, such as job name, user ID, and the program issuing the SAF call. For more information about using the SAF SECTRACE command, see the Troubleshooting Guide.
For z/OS 1.9 and above, SMF data may be sent to the LOGGER services controlling the write of the SMF data in LOGSTREAM structures. SMF data is not recorded in the usual SYS1.MANx data sets.
The TSSRPTST utility is able to read the data under when:
SUBSYS SUBNAME(LOGR) INITRTN(IXGSSINT)
The RECxxxxx DD used to read the data has the format:
//RECxxxxx DD DSN=IFASMF.DATA.LOGSTRM,DISP=SHR, // SUBSYS=(LOGR,IFASEXIT,subsys-options1,subsys-options2)
Description of SUBSYS options-1 includes:
[FROM={({[yyyy/ddd][,hh:mm[:ss]]}) | OLDEST}]
[TO={({[yyyy/ddd][,hh:mm[:ss]]}) | YOUNGEST}]
[,DURATION=(nnnn,HOURS)]
[,VIEW={ACTIVE|ALL|INACTIVE}]
[,GMT|LOCAL]
The subsys-options1 parameters used by the IBM IFASEXIT are the same than those used by the IFBSEXIT. For information on the parameters for IFBSEXIT, see IBM's MVS Diagnosis: Tools and Service Aids.
CA Top Secret performs authorization checking to determine whether the person submitting the TSSRPTST job is authorized to view or manipulate the input SMF data.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|