CA VM:Secure records audit information for most CA VM:Secure commands and directory changes. If you are using the Rules Facility, CA VM:Secure audits the following CP commands as well: AUTOLOG, COUPLE, LINK, LOGON, LOGON BY, SPOOL, STORE HOST, TAG, TRANSFER, and XAUTOLOG. CA VM:Secure also audits CP Diagnose X’A0’ subcode 4 and Diagnose X’88’ subcode 8. CA VM:Secure writes audit records to the VMSECURE AUDIT file on the AUDT minidisk each time a user issues an audited command. The AUDIT user exit is called for each record. You can use it to select which audit records you want to be written to the AUDT minidisk.
When the AUDT minidisk fills, use the AUDITEXT command to move the audit records to your 191 minidisk, and reinitialize the AUDT minidisk. You can then use the information in the audit records as input to the VMXSRA and VMXSRB report programs. VMXSRA generates a report showing usage of all audited CP commands; VMXSRB generates a report of all audited system actions. To exclude certain types of audit records from the reports, you can use the SECURITY REPORTS user exit.
Note: For more information about the AUDITEXT command, VMXSRA and VMXSRB report programs, and the SECURITY REPORTS user exit, see the Reference Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|