Top Secret has the ability to audit specific resources or users via AUDIT attribute, AUDIT record and ACTION(AUDIT on the PERMT command and log their activity to the Top Secret Audit Tracking File or SMF dataset.
Top Secret documentation states that Top Secret Control Options LOG(INIT,SMF,ACCESS) to record all security events and signons/signoffs to the Top Secret Audit Tracking File for later reporting via TSSUTIL reports.
LOG(INIT) logs all signons and signoffs.
LOG(SMF) logs security events to the SMF dataset in addition to the Top Secret Audit Tracking File.
LOG(ACCESS) logs both allowed and failed access to resources otherwise only violations are recorded.
Does the resource or user need to be AUDITed in order to log all events with LOG(ACCESS)?
Release : 16.0
Component :
The resource or the acid does not need to be audited for LOG(ACCESS) to log both allowed and failed accesses to resources and acids.
LOG(ACCESS) will log both authorized and unauthorized access/security violations for all resource access, except for DBD, FCT, JCT, LCF, OTRAN, PPT, PROGRAM, and PSB access per the doc.
LOG(ACTIVITY) is the same as LOG(ACCESS,INIT). INIT causes successful signons to get logged. Without it, signons don’t get logged.