Top Secret SMF Type 80 Records - Logging Indicators - $LOGVIOL EQU X'80' VIOLATION
search cancel

Top Secret SMF Type 80 Records - Logging Indicators - $LOGVIOL EQU X'80' VIOLATION


Article ID: 187670


Updated On:


Top Secret


For the Top Secret SMF Type 80 Records - Logging Indicators - $LOGVIOL  EQU   X'80'   VIOLATION there is an audit question regarding the criteria that causes $LOGVIOL  EQU   X'80'   VIOLATION. 

BMC says the ‘LogReas_Violation=Yes’ maps to Top Secret SMF type 80 records, specifically if field ‘$LOGVIOL  EQU   X'80'   VIOLATION, then 'LogReas_Violation=Yes'.  Please review and provide feedback.

Draft Audit Response:

The criteria that causes ‘LogReas_Violation=Yes’ is  a Top Secret SMF type 80 record representing a violation which includes - ‘insufficient authority’ , ’not a valid password’, ’Not Authorized to access protected object’ for event types   - Job Initiation  (01), Resource Access (02) and Policy Director Authorization (71) .

Job Initiation event records are created for user logons and batch job initiations. Violation qualifiers include ‘not a valid password’.

Resource access event records are created by the access to a resource (datasets, CICS transactions, Databases, etc). Violation qualifiers include ‘insufficient authority’.

Policy Director Authorization event records are created for Policy Director Authorization Services. Violation qualifiers include ‘Not authorized to access protected object’.


Release : 16.0

Component : CA Top Secret for z/OS


The $LOGVIOL  EQU   X'80'   VIOLATION flag should be set for the following DRCs:
01 - 1D, 46, and 64, Initiation violation codes, including Password and OID violations (07 - 0F).
1E $BADPARM - Bad parameter passed on any RACROUTE call - any type of call.
20 $BADCLAS - Bad Resource Class Name passed on any AUTH or FASTAUTH call.
21 SYSERR - System internal error on a RACROUTE call.
23 $NOPRB - TSS cannot determine the program environment for a RACROUTE call.
2C $NOCORE - Storage problems prevented the call from succeeding.
65 – 72 Data set violation codes.
73 – 81 Volume violation codes.
42, 5F - 63, and 82 – 101 Resource violations.
For what each DRC means, please see the following chart in the documentation:

 Detailed Violation Error Reason Code Legend