Trace Formats

The following trace record is always produced during a trace:

TSS-c U/cccccccc A/cccccccc T/cccccccc M/c RC/xxxxxx
      VF/xxxxxxxx SF/xxxxxxxx OC/xxxxxxxx

TSS-c

The c is one of four values:

I—Session initiation
T—Session termination
R—Resource validation
F—Resource validation by CP fast-path

U/ccc..c

The name of the virtual machine

A/ccc..c

The ACID under which the virtual machine is running

T/ccc..c

The terminal at which the user is logged on or “DISC”

M/c

The mode of the user:

D—DORMANT
W—WARN
F—FAIL
I—IMPLEMENTATION

RC/xxx..x

The return code:

Byte 1: Return Code
Byte 2: Detail error Reason Code (DRC)
Byte 3: Flags for the DRC as set by the DRC control option
X'80' = Reserved
X'40' = "
X'20' = "
X'10' = Password type violation
X'08' = This DRC is also audited
X'04' = Fail in all modes
X'02' = Fail in WARN mode
X'01' = Not a violation, do not log unless audited

VF/xxx..x

Security flags (Part 1)

Byte 1:
- X'80' = AUTOLOG request
- X'40' = ACID= specified on logon or autolog
- X'20' = Reserved
- X'10' = User is system operator
- X'08' = Random new password requested
- X'04' = Non-IBM or indirect ACI call
- X'02' = Reserved
- X'01' = AUTOLOG directory password has been verified
Byte 2:
- X'80' = User has supplied at least one invalid password
- X'40' = Virtual machine is disconnected
- X'20' = DOWN option has been used
- X'10' = TSS MODIFY
- X'08' = Virtual machine is running on surrogate ACID
- X'04' = User is TSS locked
- X'02' = Re-init of user to refresh Security Record
- X'01' = User is surrogating self
Byte 3:
- X'80' = Access violation detected by CP fast-path
- X'40' = Log an Audit Record
- X'20' = Reserved
- X'10' = "
- X'08' = "
- X'04' = "
- X'02' = "
- X'01' = "
Byte 4:
- X'80' = ACID has been suspended
- X'40' = Resource authorized with VMPRIV
- X'20' = Virtual machine to be forced
- X'10' = Data set authorization based on volume
- X'08' = Reserved
- X'04' = "
- X'02' = "
- X'01' = "

SF/xxx..x

Security flags (Part 2)

Byte 1:
- X'80' = Modifying attributes of current VM
- X'40' = Shared portion of RACVT modified
- X'20' = TSSVMI call
- X'10' = Audit this call
- X'08' = TSSSEC resource audit test
- X'04' = CP TRANSFER
- X'02' = VMUSER present on CP command
- X'01' = CP command has privileged and non-privileged forms
Byte 2:
- X'80' = Password was changed
- X'40' = Random password generated
- X'20' = Password validated
- X'10' = Skip password validation
- X'08' = Forced logon
- X'04' = Reconnect logon
- X'02' = New password required
- X'01' = Autolog logon
Byte 3:
- X'80' = VMMACHine needs to be validated
- X'40' = Force default protection on resource
- X'20' = Volume access check for DSN
- X'10' = Resource is defined
- X'08' = Password verification request
- X'04' = Reserved
- X'02' = "
- X'01' = "
Byte 4:
- X'80' = Violation has occured
- X'40' = Suppress logging
- X'20' = Force failure
- X'10' = Audit entry
- X'08' = Send a message to operator
- X'04' = Issue the message in DORMANT mode
- X'02' = Password violation for defined user
- X'01' = Reserved

OC/xxxxxxxx

The original resource class if translation was performed.

For resource validation, an additional trace record is produced:

TSS-1 RT/x RD/xxxx AC/xxxxxxxx AT/xxxx AL/xxxxxxxxxxxxxx
      RN/cccccccccccccc

RT/x

Resource type.

RD/xxxx

Resource flags from RDT.

Byte 1:
- X'80' = Resource supports access levels
- X'40' = Resource supports libraries
- X'20' = Resource supports PRIVPGM
- X'10' = Call resource exit for this resource
- X'08' = Resource supports VMUSER
- X'04' = Resource is protected by default
- X'02' = Resource supports 44 character names
- X'01' = Validate the resource using AUTH(MERGE)
Byte 2:
- X'80' = Fake RDT entry (internal use)
- X'40' = Built in resource indicator
- X'20' = Use AUTH(ALLMERGE)
- X'10' = VAX remote resource
- X'08' = Does not prefix by default
- X'04' = PIE type resource
- X'02' = Allow access by default
- X'01' = Maskable RIE

AC/xxxxxxxx

Requested (byte 1) and allowed (byte 2) access to resource

The meanings of these flags vary from resource type to resource type. A list of these values for a specific resource may by found by listing the required RDT entry:
```
	TSS LIS(RDT) RESCL(resource-class)
```

AT/xxxx

ACTION associated with permit

X'8000' = Treat authorization in FAIL mode
X'4000' = Process as privileged CP command/diagnose
X'2000' = Audit this access
X'1000' = Invoke installation exit
X'0800' = Issue message TSS0400I to operator
X'0400' = Reserved
X'0200' = Prompt for link password (minidisk only)
= Base data set access on volume access (O/S volume only)
= Deny access (resource only)
X'01' = Reverify password (MVS resource only)

AL/xxx..x

Algorithm details

Byte 1: High length of resource found
Byte 2: Algorithm detail
- X'00' = Resource access allowed
- X'04' = Resource not defined
- X'08' = Resource access denied
- X'0C' = Resource access denied with ACCESS(NONE)
Byte 3: How resource is authorized
- X'80' = Owned by ACID or connected profile
- X'40' = Permitted to ACID or connected profile
- X'00' = No authorization exists
Byte 4: Which profile for resource
- X'00' = Permitted to/owned by ACID
- X'01'-X'FC' = Relative profile
- X'FF' = ALL Record
Byte 5: Rule within user/profile ACID record
Byte 6: Which profile for volume (O/S data set only)
Byte 7: Rule within profile for volume (O/S data set only)

RN/ccc..c

Resource name

If the resource being validated also supports the VMUSER attribute, a third trace record is provided:
```
TSS-2  VH/x  VU/cccccccc
```

VH/x

High length of VMUSER

VU/ccc..c

Name of VMUSER being validated

TSS-5  fieldname/pf  fieldname/pf  fieldname/pf  fieldname/pf  fieldname/pf  fieldname/pf

Fieldname

Name of field to be extracted

pf

Relative security record from which the field was extracted:

00 = User record
01-FE = Profile 1-254
FF = Default value supplied
NF = Field not found