A site may see a large amount of ck_IPC_access messages being produced in the ACFRPTOM report. These messages appear to all be loggings as follows:
Is there a way to remove these loggings from the report as it is generating millions of lines of output.
Release : 16.0
Component : CA ACF2 for z/OS
The ck_IPC_access entries in the ACFRPTOM report determines whether the current process has the requested access to the interprocess communication (IPC) key or identifier whose IPC security packet (IISP) is passed.
There are two methods of addressing the ck_IPC_access entries in the ACFRPTOM report. The logging entries can be stopped or the entries can be excluded the entries from the report.
The UNIXOPTS GSO record, allows sites to selectively control which USS events are logged such as the ck_IPC_access entries. There are seven parameters or options in the UNIXOPTS record that determine whether USS events within certain categories are logged to create an audit trail or whether these events are ignored. The IPCOBJ|NOIPCOBJ parameter can be used to control the cutting of the SMF records for ck_IPC_access, setting the GSO UNIXOPTS parameter IPCOBJ|NOIPCOBJ to NOIPCOBJ will suppress the ck_IPC_access SMF records.
IPCOBJ|NOIPCOBJ
Specifies if SMF records are to be cut for UNIX system services that control the auditing of the access control, IPC object changes and the creation and deletion of IPC objects. Some of the functions that will do this are msgctl, msgget, msgsnd, semctl, semget, semop, shmat, shmget and shmctl. The Security Server callable services that control cutting of this SMF record are ck_IPC_access, R_IPC_ctl, and makeISP.
The ACFRPTOM report 'EXCLUDE' parameter can be used to exclude service or services to be omitted from the ACFRPTOM report. For example:
//REPORT EXEC PGM=ACFRPTOM
//SYSPRINT DD SYSOUT=*
//RECMAN1 DD DISP=SHR,DSN=SYS1.MAN1
//RECMAN2 DD DISP=SHR,DSN=SYS1.MAN2
//RECMAN3 DD DISP=SHR,DSN=SYS1.MAN3
//SYSIN DD *
TITLE(ACFRPTOM)
DETAIL
EXCLUDE(ck_IPC_access)
/*