VIOLATN and VIOXMEM exit point

book

Article ID: 15872

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

TSSINSTX VIOLATN and VIOXMEM exit point question.



I have determined that the VIOLATN and VIOXMEM exit points control the logging of events.

When control is passed to these exit points, am I correct in believing that the FLOG will contain only one (1) event?

I ask this question because the FLOGHDR DSECT mapping suggests that it can have multiple associated FLOG DSECTs.

If the VIOLATN or VIOXMEM exit point sets a return code of four (4), indicating that the event is NOT to be logged, does this apply only to logging to the TSS audit files, or does it also apply to sending events to CA Compliance Manager or CA Compliance Event Manager?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

Your questions:


I have determined that the VIOLATN and VIOXMEM exit points control the logging of events.
- A. You are correct.
When control is passed to these exit points, am I correct in believing that the FLOG will contain only one (1) event?
- A. Yes, there will be a single FLOG per event.

Turning off logging via the VIOLATN exit point will stop all logging for non-violation events to the ATF and/or SMF files only. Compliance Manager/Compliance Event Manager are not affected.