Violations, Logging, Reporting, and Auditing › Violations and Logging

Violations and Logging

The LOG control option is the primary mechanism that controls the reporting of system activity and violations for all facilities. You can also use the LOG sub-option of the FACILITY control option to control individual facilities.

Among the options you can select to track security breaches are:

• A violation generates a descriptive message sent to the security console, the user's online terminal, or both.
• Job/session initiations and terminations, resource accesses, security violations, or any combination of these events are logged for all or selected facilities.
• A record of selected types of events are logged to SMF, the Audit/Tracking file, or both. The Audit/Tracking File can be shared across CPUs, providing a single reference source for security events.

When you use ACTION(AUDIT) with the PERMIT command function, it audits all accesses to the specified resource regardless of the mode or logging options of the user.

In FAIL mode, messages are issued regardless of the LOG control option specifications.

The logging of activity is transparent to the user.

Example: violation messages

This example logs violation messages to SMF or to the Audit/Tracking file but does not notify the user:

TSS MODIFY LOG(MSG)