TSSINSTX VIOLATN and VIOXMEM exit point question.

I have determined that the VIOLATN and VIOXMEM exit points control the logging of events.

When control is passed to these exit points, am I correct in believing that the FLOG will contain only one (1) event?

I ask this question because the FLOGHDR DSECT mapping suggests that it can have multiple associated FLOG DSECTs.

If the VIOLATN or VIOXMEM exit point sets a return code of four (4), indicating that the event is NOT to be logged, does this apply only to logging to the TSS audit files, or does it also apply to sending events to CA Compliance Manager or CA Compliance Event Manager?

Your questions:

I have determined that the VIOLATN and VIOXMEM exit points control the logging of events.
- A. You are correct.
When control is passed to these exit points, am I correct in believing that the FLOG will contain only one (1) event?
- A. Yes, there will be a single FLOG per event.

Turning off logging via the VIOLATN exit point will stop all logging for non-violation events to the ATF and/or SMF files only. Compliance Manager/Compliance Event Manager are not affected.