Suppress certain Audit records

book

Article ID: 14704

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Can you limit auditing?



When a user has the AUDIT attribute, can you control limit the auditing for that user?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution


Since you have the AUDIT attribute, all access activity is being logged.

There is no built in functionality in CA Top Secret that can granulize auditing. It all or nothing.

A user written TSSINSTX exit could be written to suppress the logging to the Audit Tracking File for the user.


The following is sample Assembler code to suppress OK+B records:

Example:

If Acid = *BYPASS*
or if Pgm = IKJEFT01 and running as batch job.
VIOLATN DS 0H
ICM R5,15,TXA#FLOG R5 = Addr Fast Logging Buffer
USING FLOG,R5 Map Buffer
TM FLIND1,$FLBYPSS Bypass Security ?
BZ LOGIT no, log this event
ICM R3,15,TXA#ACID R3 = Addr Acid
CLC 0(8,R3),=CL8'*BYPASS*' Acid *BYPASS* ?
BE NOLOG Y, don't log
CLC FLPGM,=CL8'IKJEFT01' TMP ?
BNE LOGIT N, log this event
CLI FLTYPNUM,C'J' TMP Batch ?
BE NOLOG Y, don't log
B LOGIT N, log it
NOLOG B EXIT4 Bypass logging
LOGIT B EXIT0 log this event

You can modify it to suppress OK+A records for your acid instead of OK+B records.

The mapping of the CA Top Secret Installation Exit parameter list is in the CA Top Secret Optional Materials Library in member #INSTXPL.

Please note that any changes to the Installation Exit are supposed to be user written and not supported by CA. The above code is a sample and not supported by CA.

The CA Top Secret Installation Exit is documented in CA Top Secret User Guide.