Why am I getting many SMF 231 records being recorded for event with RC=0 on the SMF dataset?

book

Article ID: 38256

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Question:

Why am I getting many SMF 231 records being recorded for security events with RC=0 on the SMF dataset?

Answer: 

Any ACID with TRACE or AUDIT attribute will cause all Unix System Services security event to be logged for the ACID.

The CA Top Secret OMVS trace will also cause security events with RC=0 to be logged to the SMF dataset.

Issue a 'ST DEL,ID=ALL,END' to turn off all CA Top Secret OMVS traces.

 

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: