TSSUTIL Utility

This section contains the following topics:

About TSSUTIL

Authority and Scope

TSSUTIL Exec Parameters

TSSUTIL Verbs

TSSUTIL JCL

TSSUTIL Report Selection Criteria

Sample TSSUTIL Selection Criteria

TSSUTIL Report Description

About TSSUTIL

TSSUTIL provides the CA Top Secret administrator with batch reports and with the ability to extract audit information recorded in the Audit/Tracking File. This information contains detailed security-related activity; thus you can produce violation and/or activity reports based on customized selection criteria.

The following considerations affect TSSUTIL:

TSSUTIL can report on an AUDIT file detached from any Security File by using the HISTORY parameter.
The Audit/Tracking File supports 256 byte resource names.
TSSUTIL accommodates resource names up to 256 bytes in length
Alternating between two Audit/Tracking files is now available. This allows you to backup one AUDIT file while working on another.
Reports are produced with events in chronological order as found in the Audit/Tracking File. No sorting is performed.
Reporting depends greatly upon the correct specification of logging options. The LOG option allows you to request the type of events to be logged; specify where logging information is recorded; and choose where violation notification is made.

The following logging options are required to obtain security information:

LOG(INIT,...)  requests logging of all job/session initiations
and terminations.

LOG(ACCESS,...) requests logging of all resource access.

Each facility can be separately monitored.

Violations are always logged by default.

All security events would need to be logged via the TSS LOG option in order to use the full range of options available with TSSUTIL. Selection, therefore, is limited to data available as a result of the TSS LOG option. Multiple and different reports may be generated using the same Audit/Tracking File input data and one use of TSSUTIL.

Authority and Scope

To use TSSUTIL you must have or be given REPORT authority. This administrative authority may be given by anyone who has REPORT authority with the following:

TSS ADMIN(acid)  ACID(REPORT) RESOURCES(REPORT)

You can only report on those incidents that are generated for ACIDs within the scope of your authority. The scopes are:

SCA-: Every event
LSCA: Every event within the LSCAs scope
ZCA: Entire zone or all divisions within the zone
VCA: Entire division or all departments within the division
DCA: Entire department or all ACIDs within the department
USER: The user

Note: When using EVENT(VIOL) or EVENT(AUDIT), LSCAs, ZCAs, VCAs and DCAs can report on incidents that are generated for resources within their scope, whether or not the ACID causing the event is within their scope. VCAs using EVENT(VIOL) or EVENT(AUDIT) and specifying a department get resources within that department's scope. For more details on EVENT, see TSSUTIL Report Selection Criteria.

TSSUTIL Exec Parameters

Reports can also be run against a release 1.1 format Audit File using the //DD control statement. For detailed information on EXEC parameters and the //DD control statement, see the Implementation Guide.