Logging IBM LOGSTRM in Top Secret
Article ID: 212335
Updated On:
Products
Issue/Introduction
Applied SO14538 for logging of IBM LOGSTR information. It is not clear from the HOLDDATA or fix description exactly where this information is being logged and if it is enabled with Top Secret Control option OPTION(95).
1) Does this add additional fields to the ATF (Audit Tracking File) which then shows up in the TSSUTIL report?
2) Does this also log to SMF?
Support for Logstream Forwarding init_ACEE Service Call (SO14538) (CARS2012)
CA Top Secret now supports forwarding a user's IP address when calling the System Authorization Facility (SAF) to authenticate the user. If a LOGSTR= on the init_ACEE request is received, CA Top Secret passes the value through the RACROUTE VERIFY command issued in response to the request. This improves the security administrator's logging and auditing capabilities.
ENABLE with Control OPTIONS(95)
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
With OPTIONS(95) and SO14538 applied, an additional field is logged to the Top Secret Audit & Tracking File and displayed in the TSSUTIL report (with the LONG option in the REPORT statement) if present. This will show as 'LOG STRING =' in the TSSUTIL report and will be the second line if present. Below is an example with and without OPTIONS(95) active.
Line from TSSUTIL OPTIONS(95) is OFF:
03/30/21 08:20:50 ssss aaaaaaa jjjjjjjj OPENMVS FAIL INITAC95 PASSWORD SIGNON OK+A INI J880080
RESOURCE TYPE & NAME : NAME=TESTER ONE
The same INITACEE with OPTION(95) set. The line in red is the new information that is displayed if the INITACEE has the information passed.
03/30/21 08:56:20 ssss aaaaaaa jjjjjjjj OPENMVS FAIL INITAC95 PASSWORD SIGNON OK+A INI J880082
LOG STRING = INITAC95.0.........2.........3.........4....5....5....5....6....5....7....5....8....5....9....5.7..0
RESOURCE TYPE & NAME : NAME=TESTER ONE
And this would also log to SMF dataset if LOG(SMF) Control Option is set.
Feedback
