Log All Sign Ons And Sign Offs

book

Article ID: 48657

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

What is needed to capture sign on and sign off events for all ACIDs?

Solution:

Include INIT in the global LOG control option setting and also in any facility LOG options set. You can make the changes in the CA Top Secret parameter file and these will take effect the next time CA Top Secret is recycled.

These can also be set with a TSS MODIFY command, but you must include any other LOG settings with INIT. For example, if your global LOG option is LOG(SEC9,MSG) and you want to include INIT, use:

TSS MODIFY LOG(SEC9,MSG,INIT).

Be sure to set LOG(SEC9,MSG,INIT) in the CA Top Secret parameter file to make this change permanent.

Do the same for any facilities in the CA Top Secret parameter file that have a LOG option set for the specific facility. For example, if the CA Top Secret parameter file has:

FAC(CICSPROD=LOG=(SEC9,MSG))
and you want to include INIT, use:
TSS MODIFY FAC(CICSPROD=LOG=(SEC9,MSG,INIT))
and change the CA Top Secret parameter file statement to:
FAC(CICSPROD=LOG=(SEC9,MSG,INIT))

to make the change permanent.

LOG(INIT) logs all job/session initiations and terminations to the audit file. You can run TSSUTIL with:
REPORT EVENT(JOBS) LONG
or
REPORT EVENT(INIT,TERM) LONG

and this will select the job/session initiations (sign ons) and terminations (sign offs). The events will include the date, time, and facility. With the LONG option specified on the REPORT statement, the facility name will be spelled out.

NOTE: Setting LOG(INIT) will cause more records to be written to the audit file, so the audit file will fill up faster and either wrap (if using just 1 audit file) or switch (if using 2 audit files) more frequently. There will also be more I/O to the audit file to write these records.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: