How to find security violation events on the SMF80 record?


Article ID: 191445


Products

Top Secret
Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Need to extract security violations for archive from the SMF80 record.    

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution


To determine which SMF80 records are violations, use the FLRETCOD field, which is the system return code (RC).

If it contains anything other than zero, the record is a violation event.

For more detail about a violation, use the FLDETLRC field instead, which contains the detailed reason code. If it contains anything other than zero, the record is a violation event. This field tells you two things: that a violation occurred and what type of violation it was. FLRETCOD tells you only that a violation occurred.

The SMF80 record layout is documented here.
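An added example, not part of the original article or the product: a Python filter that applies the FLRETCOD/FLDETLRC check to an SMF dump transferred off-host in binary with its record descriptor words (RDWs) intact. The FLRETCOD and FLDETLRC offsets and their one-byte width are placeholders to replace with the values from the documented record layout, records are assumed not to be spanned, and the sample dump is constructed.

```python
import struct

SMF_TYPE_OFFSET = 5   # record type byte in the standard SMF header, RDW included
SMF_TYPE_80 = 80

# PLACEHOLDERS (assumptions): take the real offsets and field lengths from the
# SMF80 record layout documentation. One-byte fields are assumed here.
FLRETCOD_OFFSET = 40
FLDETLRC_OFFSET = 41


def iter_records(dump):
    """Yield each RDW-framed record (RDW included) from a binary SMF dump."""
    pos = 0
    while pos + 4 <= len(dump):
        (length,) = struct.unpack_from(">H", dump, pos)  # RDW: big-endian length
        if length < 4 or pos + length > len(dump):
            raise ValueError(f"bad RDW length {length} at offset {pos}")
        yield dump[pos:pos + length]
        pos += length


def find_violations(dump, retcod_off=FLRETCOD_OFFSET, detlrc_off=FLDETLRC_OFFSET):
    """Return (record_index, FLRETCOD, FLDETLRC) for each type 80 violation."""
    hits = []
    for index, rec in enumerate(iter_records(dump)):
        if len(rec) <= SMF_TYPE_OFFSET or rec[SMF_TYPE_OFFSET] != SMF_TYPE_80:
            continue  # not an SMF80 record
        if len(rec) <= max(retcod_off, detlrc_off):
            continue  # too short to hold both fields
        retcod, detlrc = rec[retcod_off], rec[detlrc_off]
        if retcod != 0 or detlrc != 0:  # non-zero marks a violation event
            hits.append((index, retcod, detlrc))
    return hits


def _sample(rtype, retcod, detlrc, size=48):
    """Build one constructed record: RDW, type byte, and the two code fields."""
    rec = bytearray(size)
    struct.pack_into(">H", rec, 0, size)
    rec[SMF_TYPE_OFFSET] = rtype
    rec[FLRETCOD_OFFSET] = retcod
    rec[FLDETLRC_OFFSET] = detlrc
    return bytes(rec)


# Constructed sample: clean type 80, unrelated type 30, two type 80 violations.
SAMPLE_DUMP = (_sample(80, 0, 0) + _sample(30, 8, 1)
               + _sample(80, 8, 3) + _sample(80, 4, 0))

if __name__ == "__main__":
    for index, retcod, detlrc in find_violations(SAMPLE_DUMP):
        print(f"record {index}: FLRETCOD={retcod} FLDETLRC={detlrc}")
```
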