Specific Control Options › LOG—Events to be Logged

LOG—Events to be Logged

Valid on z/OS and z/VM.

Use the LOG control option to:

• Identify the types of events that CA Top Secret logs
• Specify whether the events are logged onto the ATF (Audit Tracking File) and/or onto the SMF files (System Management Facility)
• Specify if the violation message is displayed

The LOG option affects all facilities. A Global LOG command can be overridden by a LOG operand entered as a suboption for a specific facility. For information, see FACILITY.

All entry methods are accepted.

This control option has the following format:

LOG(ACTIVITY,ACCESS, SMF,SEC9,INIT,MSG)|(NONE)|(ALL)

ACTIVITY

Logs all activity for all facilities to the SMF. This is the same as specifying:

LOG(ACCESS,INIT)

SMF

Events are written to the SMF file in addition to the ATF if applicable.

ACCESS

Logs all resource access, except for the following:

• DBD
• FCT
• JCT
• LCF
• OTRAN
• PPT
• PROGRAM
• PSB

SEC9

Routes violation summary messages to the security console via route code 9:

• TSS7100E
• TSS7220E
• TSS7200E
• TSS7250E

INIT

Logs all job/session initiations and terminations.

MSG

Violation messages are displayed for batch jobs, started tasks, or at the online user's terminal.

For users in FAIL mode, violation messages will always appear. Password violations also appear.

ALL

Selects all log options for all facilities.

NONE

Deactivates all SMF and ATF logging, except for violations and audited events to the ATF.

If the user facility is in DORMANT mode, no logging takes place unless the resource permitted is specified with ACTION(FAIL).

The default is LOG(SMF,INIT, SEC9, MSG).

Type 80 Format

CA Top Secret uses SMF type 80 format records. A DSECT (Dummy Control Section) for these records is documented in the installation exit (TSSINSTX) source code.

LOG(ACCESS), LOG(ACTIVITY), and LOG(ALL) are primarily diagnostic tools for Technical Support people. Because each option produces a large number of records, dumping such a large volume of records on the Audit/Tracking File, might cause excessive wrapping of the File, which, in turn, means you need a larger File. In short, limit your use of these three options.

Important! A LOG option issued after the startup of CA Top Secret resets not only the global LOG options, but also the LOG setting of every facility.

Protection of Option

The LOG option is protected by the operator accountability feature. CA Top Secret will prompt the person entering the command for the proper ACID/password combination before processing the LOG option. CA Top Secret will also create an audit trail identifying the ACID under which the LOG specification was made.

Recording Violations

If the AUDIT DD‑statement is entered into the CA Top Secret started task procedure, then the recording of violations into the ATF will always occur. Violations are always written to available files. Violation recording cannot be prevented (in all modes except DORMANT), even if LOG(NONE) is entered. See DRC and MSG for instructions on how to tailor and/or suppress violation messages.

Use of Report Utilities

An important prerequisite to the reporting and tracking of security events is the correct specification of log options. TSSUTIL and TSSTRACK can be used to build reports, but only based on data that is stored in the SMF and ATF. For information, see the Report and Tracking Guide.