SMF codes

Article ID: 144562


Products

Top Secret, Top Secret - LDAP

Issue/Introduction

SMF logging is activated, and the SMF codes are required for the following events:

1. Login attempt, success

2. Login attempt, fail (and "why" is really helpful to know: bad password, account already locked out, MFA issue, etc.)

3. Account lockout occurred

4. Logout (there really is no attempt/fail for this)

5. Password change on logon screen

6. Password change from command issued by user

7. Password change from command issued by admin/system



Environment

Release: 16.0

Component: CA Top Secret for z/OS

Cause

SMF logging

Resolution

There are no SMF flags that indicate whether a password change was a self-administered change or was made by an admin ID issuing the TSS REPL() PASS() command.

Issue TSS MODI(LOG(CMDS)); any TSS command will then be logged to the SMF file.

The SMF record contains the ACCESSOR that issued the command along with the TSS command.
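
One way to use the ACCESSOR field for items 6 and 7, as an added example that is not Broadcom code: compare the ACCESSOR with the ACID named in the logged command. It assumes the records have already been extracted from SMF into (accessor, command text) pairs; the function names, sample ACIDs and accepted keyword spellings are assumptions.

```python
import re

# Assumption: accept the REPL/PASS spellings used in the article plus the
# full keywords; adjust to the abbreviations your site actually logs.
_REPL = re.compile(r"\bTSS\s+REPL(?:ACE)?\(\s*([^)\s]+)\s*\)", re.IGNORECASE)
_PASS = re.compile(r"\bPASS(?:WORD)?\(", re.IGNORECASE)


def classify_password_change(accessor, command):
    """Return 'self', 'admin', or None if the command is not a password replace."""
    target = _REPL.search(command)
    if target is None or _PASS.search(command) is None:
        return None
    same = target.group(1).upper() == accessor.strip().upper()
    return "self" if same else "admin"


def summarize(records):
    """Map each (accessor, command) pair to (accessor, target ACID, kind)."""
    out = []
    for accessor, command in records:
        kind = classify_password_change(accessor, command)
        if kind:
            target = _REPL.search(command).group(1).upper()
            out.append((accessor.strip().upper(), target, kind))
    return out


# Constructed sample records (not real SMF output); password values are elided.
SAMPLE = [
    ("USER01", "TSS REPL(USER01) PASS(...)"),
    ("SECADM", "TSS REPL(USER02) PASS(...)"),
    ("SECADM", "TSS LIST(USER02)"),
    ("user03", "tss replace(USER03) password(...)"),
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```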