I am using MQ-Series heavily on a production system. We are seeing thousands of Audit records being cut in to the SMF data for report ACFRPTRV. Should I code a SAFDEF record to ignore the call to clean this up?

book

Article ID: 39057

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Question 

I am using MQ-Series heavily on a production system. We are seeing thousands of Audit records being cut in to the SMF data for report ACFRPTRV.  Should I code a SAFDEF record to ignore the call to clean this up?

 

Answer:  

No, there is a parameter in MQ-Series to turn this off. Per MQ Documentation: WebSphere MQ 8.0.0>IBM MQ>Security>Setting up security>Setting up security on z/OS>Auditing considerations>Auditing RESLEVEL section.

You can decide whether to produce RESLEVEL audit records by setting the RESAUDIT system parameter to YES or NO. If the RESAUDIT parameter is set to NO, audit records are not produced. For more details about setting this parameter, see "Using CSQ6SYSP" section.

If RESAUDIT is set to YES, no normal external security audit records are taken when the RESLEVEL check is made to see what access an address space user ID has to the hlq.RESLEVEL profile. Instead, MQSeries requests that external security create a GENERAL audit record (event number 27). These checks are only carried out at connect time, so the overhead should be minimal.

Environment

Release:
Component: ACF2MS