What is needed to capture sign on and sign off events for all ACIDs?
Include INIT in the global LOG control option setting and also in any facility LOG options set. You can make the changes in the CA Top Secret parameter file and these will take effect the next time CA Top Secret is recycled.
These can also be set with a TSS MODIFY command, but you must include any other LOG settings with INIT. For example, if your global LOG option is LOG(SEC9,MSG) and you want to include INIT, use:
TSS MODIFY LOG(SEC9,MSG,INIT).
Be sure to set LOG(SEC9,MSG,INIT) in the CA Top Secret parameter file to make this change permanent.
Do the same for any facilities in the CA Top Secret parameter file that have a LOG option set for the specific facility. For example, if the CA Top Secret parameter file has:
and you want to include INIT, use:
TSS MODIFY FAC(CICSPROD=LOG=(SEC9,MSG,INIT))
and change the CA Top Secret parameter file statement to:
to make the change permanent.
LOG(INIT) logs all job/session initiations and terminations to the audit file. You can run TSSUTIL with:
REPORT EVENT(JOBS) LONG
REPORT EVENT(INIT,TERM) LONG
and this will select the job/session initiations (sign ons) and terminations (sign offs). The events will include the date, time, and facility. With the LONG option specified on the REPORT statement, the facility name will be spelled out.
NOTE: Setting LOG(INIT) will cause more records to be written to the audit file, so the audit file will fill up faster and either wrap (if using just 1 audit file) or switch (if using 2 audit files) more frequently. There will also be more I/O to the audit file to write these records.
Release: TOPSEC00200-15-Top Secret-Security