Previous Topic: Overriding Rule EvaluationNext Topic: Recommendations for Using the POSTRULE Exit

Reference GuideUser Exit ReferencePOSTRULE User ExitAuditing

Auditing

CA VM:Secure writes an audit record for each command evaluated by the Rules Facility. The audit record contains information about the request and a code indicating the type of request and whether it was accepted or rejected.

If the POSTRULE exit overrides the CA VM:Secure decision, the audit code reflects the type of command, the final decision made by the exit, and the fact that the exit overrode CA VM:Secure. The audit code for a decision made by an exit override is always one more than the audit code for the same decision made by CA VM:Secure.

Possible audit codes for decisions made by CA VM:Secure are shown in the following table. The second number (in parentheses) is the audit code for the same decision made by an exit override.

Audit Code

Meaning

480 (481)

AUTOLOG or XAUTOLOG accepted

490 (491)

LINK accepted

500 (501)

LOGON accepted

510 (511)

SPOOL or TRANSFER accepted

520 (521)

TAG accepted

530 (531)

AUTOLOG or XAUTOLOG rejected

540 (541)

LINK rejected

550 (551)

LOGON rejected

560 (561)

SPOOL or TRANSFER rejected

570 (571)

TAG rejected

620 (621)

DIAL accepted

630 (631)

DIAL rejected

690 (691)

LOGONBY accepted

700 (701)

LOGONBY rejected

870 (871)

STORE HOST accepted

880 (881)

STORE HOST rejected

1090 (1091)

Diagnose X’A0’ subcode ‘04’ or Diagnose X’88’ subcode X’08’ accepted

1100 (1101)

Diagnose X’A0’ subcode X’04’ or Diagnose X’88’ subcode X’08’ rejected

1110 (1111)

Diagnose X’A0’ subcode X’0C’ accepted

1120 (1121)

Diagnose X’A0’ subcode X’0C’ rejected

1140 (1141)

COUPLE accepted

1150 (1151)

COUPLE rejected

The POSTRULE exit can force CA VM:Secure to use the exit override form of the audit code by returning a value of 4 in register 15. If the POSTRULE exit returns a value of 0 in register 15, CA VM:Secure uses the exit override form of the audit code only if the exit has actually changed the value in PRXACODE. Your exit should not return any value other than 0 or 4.

The return code controls only the audit code. It has nothing to do with whether you are overriding the CA VM:Secure evaluation. Overrides are handled entirely by storing a new value in PRXACODE.