I want to log the use of a few programs in my system and have written resource rules to ALLOW and LOG the access, but I do not see any log entries unless TRACE is added to the LOGONID record. How can this be done?

Release : 16.0

Component : CA ACF2 for z/OS

Program validations are issued by IBM Contents Supervisor as RACROUTE REQUEST=FASTAUTH calls that normally are not logged. 

CA ACF2 allows the LOG field in the GSO CLASMAP record to override the LOG parameter and treat it as LOG=ASIS on a matching RACROUTE REQUEST=FASTAUTH call. It is also applicable to RACROUTE REQUEST=AUTH calls.

The internal GSO CLASMAP for the RESOURCE(PROGRAM) is mapped to TYPE(PGM) and defaults to NOLOG. To override the internal CLASMAP record, you can do an INSERT of a GSO CLASMAP for RESOURCE(PROGRAM) TYPE(PGM) with LOG as follows.

 ACF
 SET CONTROL(GSO)
 INSERT CLASMAP.pgm RESOURCE(PROGRAM) RSRCTYPE(PGM) ENTITYLN(8) LOG
 F ACF2,REFRESH(CLASMAP)

For more information on the CLASMAP record, see SAF Resource Classes (CLASMAP)