How to set a SECDEBG security debugging trace in TPX?
search cancel

How to set a SECDEBG security debugging trace in TPX?

book

Article ID: 24218

calendar_today

Updated On:

Products

TPX - Session Management Vman Session Management for z/OS

Issue/Introduction

What is the procedure to start a SECDEBG trace?

Environment

CA TPX for z/OS

Resolution

SECDEBG is an enhanced security debugging trace. Broadcom Technical Support may request you to provide this trace output in order to diagnose problems.


Before starting a SECDEBG trace, gather the following information:

  • Is ACL/E authorized? This is necessary to do the SECDEBG trace.
    • Look for message 'TPX9925 OPTION ACLE OF CA-TPX IS AUTHORIZED' in the beginning of the TPX job log.
  • What is your Command Key? This can usually be found on the CA-TPX Main Menu at the top.
    • Example: CMDKEY=PF12 
  • What is your Command Character? This can usually be found on the CA-TPX Main Menu at the top.
    • Example: CMDCHAR=/




To execute the SECDEBG trace, do the following:

  1. Start a TPXOPER session. 
  2. At the command line, enter the following command: /S SECDEBG(press PF12) 
    • no blanks after the letter G. 
    • CMDCHAR = / 
    • CMDKEY = PF12 
    • S = is the command to start an ACL. 
    • SECDEBG is the ACL program to be run.
  3. The following screen displays:



TENSECDB                TPX Enhanced Security Debugging 
                                                        
Overtype appropriate data, then press F9.               
                                                        
Debugging parameters                                     
                                                        
  Turn on Security Trace . . . . . . . N      (Y/N)     
                                                        
  Decrypt Passwords in Trace . . . . . N      (Y/N)     
                                                        
  Trace Maximum Output . . . . . . . . N      (Y/N)     
                                                        
  Initial Trace Output Done  . . . . . N      (Y/N)     
 



4. Change all Ns to Ys and press the PF9 key to update.  
 
The SECDEBG trace is now turned on.

To turn off the SECDEBG trace, follow the same instructions as above changing all Ys to Ns then press the PF9 key to update.  The trace output is sent to the TPX LOG.

Send the log to support for review after the trace is complete.

 
NOTE:

  • When this trace is started, all user signons are traced. After the trace is started, sign on the problem userid as quickly as possible and then turn the trace off. 
  • The userid setting the trace should be different than the userid who will create the scenario for the trace to capture. 
  • SECDEBG is not set for any particular userid.
Powered by Wolken Software