CPF uses journal files to provide a historical record of the command traffic to and from CA Top Secret. An individual journal file is usually a JES spool data set—a SYSOUT data set that can be printed offline or viewed.
When CA Top Secret is started as a subsystem, SYSOUT is unavailable if CPF is activated before JES is initialized. The product ignores any CA Top Secret file that is allocated to SYSOUT when CA Top Secret is started as a subsystem while JES is not active.
After JES is activated, the product dynamically allocates CPF journal files (if no SYSOUT DD statements exist in the JCL). If JES is terminated before CA Top Secret, the product closes the SYSOUT journal files. CPF continues to send and receive commands, but no activity is logged to SYSOUT journal files.
If CA Top Secret is started as a subsystem and you want to use CPF journaling when JES is not active, you must redirect CPF journal files to a data set file type other than SYSOUT. This file should be a sequential data set with the following DCB attributes:
CPF uses one journal file for each remote node defined to it through the CPFNODES control option, plus one journal file for all incoming traffic. The node‑specific journal files have a DDname equal to the node name, and the DDname for incoming traffic is RECVCMDS. We recommend that these DDnames not be defined in the CA Top Secret JCL stream. If a given DDname is missing, CPF dynamically allocates the journal file. If dynamic allocation fails, CPF continues the operation but does not perform the journaling for the associated node.
CPF does not require predefined DD statements for the Journal data sets in the CA Top Secret JCL stream. If actual sequential journal data sets are chosen, they must be cataloged prior to activating CPF.
When transmitting a command to a remote destination, CPF records the command image on the Journal File for that node and associates an ID number with that command. When a response is received from the remote node, CPF journals the response and the ID number so that the response can be matched to the command that prompted it. When a command is received from a remote machine, CPF journals the command, the ID number, and the node name that sent the command. When the response is sent back, it is journaled with the ID and remote destination name.
By examining the appropriate Journal File, an auditor can see what came in, can see what went out, and can see the results of the action taken. The CPF Journal Files log commands regardless of whether WAIT(YES) or WAIT(NO) was specified.
The Journal Files can be used for debugging purposes.
Examples: CPF journal files
This example sets up the NDT definitions to dynamically allocate SYSOUT journal data sets for inbound and outbound commands. CPF will dynamically allocate a SYSOUT data set with DDname RECVCMDS and another one with DDname SYS2:
TSS ADD(NDT) CPFSYSID(SYS1)
RECVCMDS(YES)
TSS ADD(NDT) CPFSYSID(SYS1)
CPFNODE(SYS2)
JOURNAL(YES)
This example shows sets up the NDT definitions for dynamically allocating sequential journal data sets for inbound and outbound commands. CPF will dynamically allocate a sequential data set with DSN=”cpf.recv.dsn” for inbound commands, and sequential data set with DSN=”sys2.cpf.journal” for outbound commands targeted:
TSS ADD(NDT) CPFSYSID(SYS1)
RECVCMDS(YES)
RECVDSN(cpf.recv.dsn)
TSS ADD(NDT) CPFSYSID(SYS1)
CPFNODE(SYS2)
JOURNAL(YES)
JOURNALDSN(sys2.cpf.journal)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|