ACF2 cuts SMF records for many events. Is there a way to track users who is using password or password phrase at the time of LOGON in ACF2 ?
Release : 16.0
Component : CA ACF2 for z/OS
ACF2 had an enhancement added in 2019 with fix SO07040. With this enhancement, parameter LOGON can be used in the ACFRPTLL report.
//LLREPORT EXEC PGM=ACFRPTLL,REGION=0M
//RECMAN1 DD DISP=SHR,DSN=your SMF dataset name
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *,DCB=BLKSIZE=80
Output will look like this:
DATE TIME LOGONID JOBNAME CHANGER CHANGE CPU USING
20.115 04/24 09.23 USER1 MSTJCL00 LOGON DE28 PHRASE
20.115 04/24 09.23 USER2 MSTJCL00 LOGON DE28 PASSWORD
If the PTF is not applied, refer to Article Id: 26487 for information on tracking a logon event.
ACF2 does not cut an SMF record for a LOGOFF event. Use product COMPLIANCE EVENT MANAGER for tracking events like that.
PTF #: SO07040
Product: ACF2MS Release: 16.0
Two new parms are being added to the LL Report:
LOGON|NOLOGON - Default NOLOGON
LOGON|NOLOGON indicates whether or not the report should be based
on performing an UPDATE report displaying the method used for the
system entry. SUMMARY format will be forced when LOGON is specified.
LGNTYPE(logontype) is optional and allows the user to restrict the
report to a specific type of system entry. LGNTYPE options are: