Top Secret Audit Tracking File shows different information that the CSF log
search cancel

Top Secret Audit Tracking File shows different information that the CSF log

book

Article ID: 216960

calendar_today

Updated On:

Products

Issue/Introduction

Why is Top Secret Audit Tracking File report not showing values revealed in the CSF log? 

 

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

RACROUTE security events get logged to the Top Secret Audit Tracking File, but has the following requirements to get logged:

1. LOG=NONE on RACROUTE security calls must NOT be set.
2. Top Secret auditing needs to be turned on via Top Secret Control Option LOG.
3. The resource needs to be defined to Top Secret as a protected resource.

Non-security violation activity can be written to the Top Secret Audit Tracking File.
1. To Audit a user's activity, add the AUDIT attribute to that user's

    TSS ADD(acid) AUDIT

2. To Audit a specific resource's access activity, add the resource to the AUDIT acid:

    TSS ADD(AUDIT) resource-class(resource)

 

Additional Information

REFERENCES:
How to setup recording of non-violations to be logged to the TSS Audit File

LOG—Control Event and Command Logging

Setting audit controls