SMF codes
search cancel

SMF codes


Article ID: 144562


Updated On:


Top Secret Top Secret - LDAP


SMF logging activated and require SMF codes for the following.  

1.      Login attempt, success

2.      Login attempt, fail (and “why” is really helpful to know…bad password, account already locked out, MFA issue, etc.)

3.      Account Lockout occurred

4.      Logout (there really is no attempt/fail for this)

5.      Password change on logon screen

6.      Password change from command issued by user

7.      Password change from command issued by admin/system


Release : 16.0

Component : CA Top Secret for z/OS


SMF logging


There are no SMF flags that would indicate if it is a self admin password change or an admin id did the tss repl() pass() command.

Issue TSS MODI(LOG(CMDS)), any TSS command will be logged to the SMF file.

The SMF record contains the ACCESSOR that issued the command along with the TSS command.