Send TSS messages to Z/OS syslogd daemon

book

Article ID: 110145

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

How to send TSS violation messages to a SIEM system (Splunk) outside z/os using syslogd services

We want to send TSS violation messages to a SIEM system (Splunk) outside z/os using syslogd services. Can TSS send the violation messages to a local syslog in Z/OS. 

Environment

z/os

Resolution

You can send some violation messages via the LOG control Option by setting SEC9: 
SEC9 
Routes the following violation summary messages to the security console through route code 9: 
TSS7100E 
TSS7220E 
TSS7200E 
TSS7250E 

Here is the link for the SEC Control Option: 
https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/specifying-control-options-to-modify-your-security-environment/logcontrol-event-logging