Select Type of Activity for Logging

Implementing CA Top Secret › Select Type of Activity for Logging

Select Type of Activity for Logging

You must select the activity to log. This can be done globally or by facility. Violation activity is always logged as long as you have specified the SMF sub-option of the LOG control option or have included the Audit/Tracking File in the CA Top Secret startup procedure.

Activity and Violation Reports

An easy way to monitor violations, or any selected activity, is to develop and produce reports on a regular basis. TSSUTIL, the CA Top Secret report generator, produces violation and/or activity reports based on customized selection criteria. For information, see the Report and Tracking Guide.

Any other report generator or program can be used to produce customized reports based on violations or activity. The format logged is an SMF type‑80 format. For information, see member TSSINSTX (Installation Exit Skeleton Model) in the SMF80 DSECT.

Report Generation

When generating reports segment the information you are monitoring. If you segment the critical selection criteria from the non‑critical you can focus on critical information. Consider the following sample breakdown of daily reports:

Report A contains violation information for systems resources
Report B contains violation information for payroll and accounts payable resources
Report C contains violation information for all other resources
Report D contains initiation information for dial‑up terminals
Report E contains audited activity for critical production files
Report F contains audited activity for SUPERZAP and its aliases
Report G contains audited activity for all security administrators
Report H contains violation or audited information for super ACIDs

While the needs of each organization differ, when reporting is segmented it is easier for the security administrator to review critical violations and activity because the critical information is structured so that it stands out from the less critical information.

Ad Hoc Reporting

You can produce ad-hoc reports that address special situations. For example, if you suspect that one of your users has suspicious access patterns, audit the user and produce a one‑time report of his activity.

Route Code 9 Consoles

CA Top Secret lets you specify that CA Top Secret violation and initiation messages are sent to any operator console defined for route code 9. This allows the operations staff to monitor violations when activity is not monitored by security administrators. The operators have the option of notifying the appropriate authorities when a user appears to be generating violations.

To use a remote route code 9 console as your security console for use by the security administration staff, define the console so that commands cannot be entered from the remote location. This avoids the exposure to the machine room operations area from remotely entered console commands.

This is done through the LOG options.

TSSTRACK

TSSTRACK provides the security console function at any TSO or CICS terminal, if the terminal is used by an authorized CA Top Secret administrator.

For information about TSSTRACK, see the Report and Tracking Guide.