Using AUDIT Exit to exclude Audit Code

Article ID: 234827

Products

VM:Secure for z/VM

Issue/Introduction

Receiving an abundant amount of audit codes filling up the Audit file. I have increased the size of the Audit file but it still filled up. Upon investigating the Audit extract I found the following messages were filling up the Audit file:

220214080641DSC     DYNVMA  0870DYNVMA  RULE                    D
220214080641DSC     DYNVMA  0870DYNVMA  RULE                    D

I would appreciate understanding the steps involved in creating an AUDIT EXIT that will exclude this 870 code, which is: accepted STORE HOST

Environment

Release : 3.2

Component : VM:Secure for z/VM

Cause

A sample AUDIT User EXIT is provided on the VM:Secure SAMPLE code disk as VMXEXITG XASSEMBL.

Resolution

A sample AUDIT User EXIT is provided on the VM:Secure SAMPLE code disk as VMXEXITG XASSEMBL.

 

From VMANAGER, issue a VMFSETUP for VM:Secure, then issue:

FILELIST VMXEXITG XASSEMBL *

You should find the example on the installation SAMPLE disk/directory.

Copy it to a local disk as VMXEXITG ASSEMBLE to make the updates you need for your site's customization of the sample EXIT.

The sample does additional checking for specific MDISK link virtual addresses that you do not need. Apart from that, it should not be difficult to change the sample EXIT to check for the Audit Code (870) that you want to look at, and then for the UserID(s) you want to exclude from auditing for the 870 (STORE HOST).

 

Review this for information about the AUDIT EXIT.

And this general information for User Exits and User Exit implementation.

 

Additional Information

You also need access to the VMXUSER MACLIB that is located on the same SAMPLE disk/directory where you found the VMXEXITG XASSEMBL file.

It's probably best to edit and assemble the VMXEXITG Exit on VMANAGER where you can do a VMFSETUP for VM:Secure to make sure you have access to the most current copy of the VMXUSER MACLIB.

After you make your changes to the VMXEXITG ASSEMBLE file and BEFORE you assemble the file, issue the following GLOBAL MACLIB command:

GLOBAL MACLIB VMXUSER DMSGPI DMSOM OSMACRO

then issue your assemble command.

 

 

If you modified and assembled VMXEXITG on the VMANAGER 191, the VMXEXITG TEXT file is also on the VMANAGER 191, and the VMSECURE server likely does not have the VMANAGER 191 minidisk linked and accessed. You need to either put the VMXEXITG TEXT file on the VMSECURE 191 minidisk, or put it on a minidisk that VMSECURE has access to while it is running.

 

Remember to add the EXIT to the PRODUCT CONFIG file using the CONFIG PRODUCT command. When you FILE/SAVE the updated configuration, VMSECURE validates all config records, including the EXIT records, and activates them. In short, once you FILE/SAVE the PRODUCT CONFIG, any included EXITs are loaded and active.

Regarding verification, you should be able to run AUDIT EXTRACT, then, for example, run the VMXSRB report to verify the items you included are no longer showing up in the AUDIT file.
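
One way to cross-check the result off-host, as an added example that is not part of the original article or of VM:Secure: a Python tally of a text copy of the AUDIT EXTRACT output by userid and audit code, run before and after the exit is activated. The column positions are an assumption inferred from the two sample records quoted above, not the documented extract layout; the MAINT and OPERATOR records and audit code 0101 are constructed.

```python
from collections import Counter

# First two records are the ones quoted in the article; the last two
# (MAINT, OPERATOR, audit code 0101) are constructed for illustration.
SAMPLE_EXTRACT = """\
220214080641DSC     DYNVMA  0870DYNVMA  RULE                    D
220214080641DSC     DYNVMA  0870DYNVMA  RULE                    D
220214080702DSC     MAINT   0870MAINT   RULE                    D
220214080715DSC     OPERATOR0101OPERATOR
"""

# Assumed layout, inferred from the article's sample records only:
# cols 1-12 timestamp digits, cols 21-28 userid, cols 29-32 audit code.
def parse_record(line):
    """Return (userid, code), or None if the line does not fit the assumed layout."""
    if len(line) < 32 or not line[:12].isdigit():
        return None
    code = line[28:32]
    if not code.isdigit():
        return None
    return line[20:28].strip(), code


def tally(extract_text):
    """Count records per (userid, code); also count lines that could not be parsed."""
    counts, skipped = Counter(), 0
    for line in extract_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            skipped += 1  # surface these instead of silently dropping them
        else:
            counts[rec] += 1
    return counts, skipped


def remaining(extract_text, code, excluded_users):
    """Records for `code` from users the exit is supposed to exclude.

    An empty result on a post-change extract means the exclusion is working.
    The code is zero-padded so that 870 matches the 0870 seen in the records.
    """
    code = str(code).zfill(4)
    counts, _ = tally(extract_text)
    return {u: n for (u, c), n in counts.items()
            if c == code and u in excluded_users}


if __name__ == "__main__":
    for (user, code), n in tally(SAMPLE_EXTRACT)[0].most_common():
        print(f"{code} {user:<8} {n}")
    print("still audited:", remaining(SAMPLE_EXTRACT, 870, {"DYNVMA"}))
```

A nonzero skipped count from `tally` means the assumed columns do not match your extract and the counts should not be trusted.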