VERY HIGH consumption of SMF CPU and SMF records 80 AFTER IPL when signing SMF logs
Article ID: 243100
Updated On:
Products
Issue/Introduction
Defined TSS (Top Secret) parameters for activating signing of SMF logs.
All works fine when DYNAMICALLY activation is done with SET SMF=xx , SMFPRMxx contains the RECSIGN parameter .
BUT when this parameter is processed STATICALLY AT IPL TIME , SMF CPUTIME is very high and SMF records 80 counter explodes
from 1000 by hour to 91,000,00 by hour.
Environment
Release : 16.0
Component : Top Secret for z/OS
Resolution
The calls are being driven from the SMF address space in cross-memory mode. The only way to suppress the logging of these smf type=80 events is to code TSSINSTX using the VIOXMEM exit point.
Sample code in order to suppress the logging:
TSSINSTX CSECT DO NOT INSERT OR DELETE STATEMENTS HERE
DC AL1(#####YES) 84 VIOLATION NOTIFICATION - XMEM BGS6851
VIOXMEM DS 0H BGS6851
* USER CODE GOES HERE TO EXAMINE OK+B event from SMF
ICM R6,15,TXA#FLOG R6 = Addr Fast Logging Buffer
JZ NOLOG1
USING FLOG,R6
TM FLIND1,$FLBYPSS Bypass Security ?
JZ LOGIT1 no, log this event
ICM R7,15,TXA#ACID R7 = Addr Acid
CLC 0(8,R7),=CL8'+SMF' ACID ID +SMF ?
JE NOLOG1 Y, don't log
J LOGIT1 N, log it
NOLOG1 DS 0H
J EXIT4 Bypass logging
LOGIT1 J EXIT0 log this event
DROP R6
EJECT
Assemble and link TSSINSTX then set the TSS Parmfile Control Option EXIT(ON). It can then be activated dynamically via, TSS MODIFY(EXIT(ON)). Dynamic activation will only be good for the life of the address space so it needs to be in the Parmfile to ensure that it continues to work after all IPL's/Recycles.
Feedback
