The batch utility program, TSSOERPT, processes security-related activity recorded in SMF data sets to monitor user activity in an OpenEdition MVS/Unix System Services for z/OS (USS) environment. CA Top Secret logs security events under this environment to SMF using standard CA Top Secret SMF type 231 records. By default, log records are written for any security event that denies the ACID access to a USS function or resource. These records can assist you in determining the UID and GID of the ACID involved in the attempted access. The TSSOERPT utility uses type 231 SMF records. In order to get output for this report, you must be logging type 231 records to SMF.
For sites with specific reporting requirements for activity in a USS environment, use the following members provided in TSSOPMAT to produce customized reports on USS:
For z/OS 1.9 and above, SMF data may be sent to the LOGGER services controlling the write of SMF data in LOGSTREAM structures. SMF data will not be recorded in the usual SYS1.MANx data sets. The TSSRPTST utility is able to read the data when:
SUBSYS SUBNAME(LOGR) INITRTN(IXGSSINT)
The RECxxxxx DD used to read the data has the format:
//RECxxxxx DD DSN=IFASMF.DATA.LOGSTRM,DISP=SHR, // SUBSYS=(LOGR,IFASEXIT,subsys-options1,subsys-options2)
Description of SUBSYS options-1 includes:
[FROM={({[yyyy/ddd][,hh:mm[:ss]]}) | OLDEST}]
[TO={({[yyyy/ddd][,hh:mm[:ss]]}) | YOUNGEST}]
[,DURATION=(nnnn,HOURS)]
[,VIEW={ACTIVE|ALL|INACTIVE}]
[,GMT|LOCAL]
The subsys-options1 parameters used by the IBM IFASEXIT are the same as those used by the IFBSEXIT. For information on the parameters for IFBSEXIT, see IBM's MVS Diagnosis: Tools and Service Aids.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|