Logging IBM LOGSTRM in Top Secret
search cancel

Logging IBM LOGSTRM in Top Secret


Article ID: 212335


Updated On:


Top Secret


Applied SO14538 for logging of IBM LOGSTR information.  It is not clear from the HOLDDATA or fix description exactly where this information is being logged and if it is enabled with Top Secret Control option OPTION(95). 

1) Does this add additional fields to the ATF (Audit Tracking File) which then shows up in the TSSUTIL report?

2) Does this also log to SMF?

Support for Logstream Forwarding init_ACEE Service Call (SO14538) (CARS2012)
CA Top Secret now supports forwarding a user's IP address when calling the System Authorization Facility (SAF) to authenticate the user. If a LOGSTR= on the init_ACEE request is received, CA Top Secret passes the value through the RACROUTE VERIFY command issued in response to the request. This improves the security administrator's logging and auditing capabilities.

ENABLE with Control OPTIONS(95)


Release : 16.0

Component : CA Top Secret for z/OS


With OPTIONS(95) and SO14538 applied, an additional field is logged to the Top Secret Audit & Tracking File and displayed in the TSSUTIL report (with the LONG option in the REPORT statement) if present. This will show as 'LOG STRING =' in the TSSUTIL report and will be the second line if present. Below is an example with and without OPTIONS(95) active.

Line from TSSUTIL OPTIONS(95) is OFF:

03/30/21  08:20:50  ssss  aaaaaaa   jjjjjjjj  OPENMVS   FAIL      INITAC95  PASSWORD SIGNON      OK+A   INI  J880080                
                    RESOURCE  TYPE & NAME :             NAME=TESTER ONE              

The same INITACEE with OPTION(95) set. The line in red is the new information that is displayed if the INITACEE has the information passed.

03/30/21  08:56:20  ssss  aaaaaaa   jjjjjjjj  OPENMVS   FAIL      INITAC95  PASSWORD SIGNON      OK+A   INI  J880082                
LOG STRING = INITAC95.0.........2.........3.........4....5....5....5....6....5....7....5....8....5....9....5.7..0                   
                    RESOURCE  TYPE & NAME :             NAME=TESTER ONE    

 And this would also log to SMF dataset if LOG(SMF) Control Option is set.