To report on successful Kerberos authentications (R_kerbinfo service) do we need to enable SMF type 231 records for input to the TSSOERPT utility?
Environment
Release: Component: TSSMVS
Resolution
Here is the info from the doc: https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/reporting/tssoerpt-utility TSSOERPT Utility Last update May 14, 2015 The TSSOERPT batch utility processes security-related activity recorded in SMF data sets to monitor user activity in a UNIX System Services (USS) environment. CA Top Secret logs security events under this environment to SMF using standard CA Top Secret SMF type 231 records. By default, log records are written for any security event that denies the ACID access to a USS function or resource. These records can assist you in determining the UID and GID of the ACID that was involved in the attempted access. The TSSOERPT utility uses type 231 SMF records. To get output for this report, you must be logging type 231 records to SMF.
You need to be logging type 231 records to SMF to get any TSSOERPT output.
The following link shows the service field values: https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/reporting/tssoerpt-utility/service-field-values