
Security event record layout and reporting for *08*-B5 MLS security violation


Article ID: 188697


Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

What is the record layout for an MLS "*08*-B5" security violation audit event in the SMF dataset?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The record layout of the SMF80 record, which describes the fields needed to locate the *08*-B5 type security events, can be found here.



See the following fields in the security record to locate the *08*-B5 security events audited to the SMF dataset:

FLFLAGS  DS  X       LOGGING INDICATORS:
$LOGVIOL EQU X'80'   VIOLATION
...
...
...
FLRETCOD DS  X       RETURN CODE
FLDETLRC DS  X       DETAIL REASON CODE
....
...
...


Choose the SMF80 records where:
1. FLFLAGS contains X'80'. FLFLAGS is the event type; X'80' in this field is a 'violation'.
2. FLRETCOD contains X'08'. FLRETCOD is the system RC.
3. FLDETLRC contains X'B5'. FLDETLRC is the detailed reason code.

Notice that the TSSUTIL record layout is very similar to the SMF80 record. So, the logic used with the TSSUTIL records can be used with SMF80 records.
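The selection above, applied to a binary SMF unload, as an added example that is not part of the original article or of the product. It assumes each record keeps its 4-byte RDW and that FLFLAGS is tested as a bit flag; the three FL* offsets are placeholders because the article does not give them, and the sample records are constructed.

```python
import struct

# PLACEHOLDER offsets from the start of the record (RDW included). The article
# does not state them; take the real values from the SMF80 layout it links to.
OFF_FLFLAGS, OFF_FLRETCOD, OFF_FLDETLRC = 24, 40, 41   # constructed values
LOGVIOL = 0x80      # $LOGVIOL EQU X'80' (violation), from the article
OFF_SMF_TYPE = 5    # record type byte of the standard SMF header, after the RDW


def iter_records(dump: bytes):
    """Yield each record (RDW included) from a binary SMF unload."""
    pos = 0
    while pos < len(dump):
        if pos + 4 > len(dump):
            raise ValueError(f"truncated RDW at offset {pos}")
        (length,) = struct.unpack_from(">H", dump, pos)  # big-endian length
        if length < 4 or pos + length > len(dump):
            raise ValueError(f"bad RDW length {length} at offset {pos}")
        yield dump[pos:pos + length]
        pos += length


def is_08_b5_violation(rec: bytes) -> bool:
    """Apply the article's three selection criteria to one SMF record."""
    if len(rec) <= max(OFF_SMF_TYPE, OFF_FLFLAGS, OFF_FLRETCOD, OFF_FLDETLRC):
        return False                               # too short to hold the fields
    return (rec[OFF_SMF_TYPE] == 80                # SMF type 80 records only
            and bool(rec[OFF_FLFLAGS] & LOGVIOL)   # assumption: bit test
            and rec[OFF_FLRETCOD] == 0x08
            and rec[OFF_FLDETLRC] == 0xB5)


def make_record(rtype: int, flags: int, rc: int, detail: int) -> bytes:
    """Build a constructed 48-byte test record (not real SMF data)."""
    rec = bytearray(48)
    struct.pack_into(">H", rec, 0, len(rec))
    rec[OFF_SMF_TYPE] = rtype
    rec[OFF_FLFLAGS], rec[OFF_FLRETCOD], rec[OFF_FLDETLRC] = flags, rc, detail
    return bytes(rec)


SAMPLE = b"".join([
    make_record(80, 0x80, 0x08, 0xB5),   # match
    make_record(80, 0xC0, 0x08, 0xB5),   # match: violation bit plus another flag
    make_record(80, 0x80, 0x08, 0x01),   # different detail reason code
    make_record(30, 0x80, 0x08, 0xB5),   # not a type 80 record
    make_record(80, 0x40, 0x08, 0xB5),   # violation bit not set
])


def matching_indexes(dump: bytes) -> list:
    return [i for i, r in enumerate(iter_records(dump)) if is_08_b5_violation(r)]
```

If the unload was transferred without RDWs, the record boundaries and every offset here shift, so confirm the transfer mode before trusting a zero-hit result.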