I have an application that makes an external security RACROUTE call. An abend occurs in the RACROUTE call. ACF2 SECTRACE does not show the RACROUTE call. How can I run SECTRACE to capture the RACROUTE call?

book

Article ID: 52898

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Description:

The RACROUTE call may not be captured (traced) because the abend occurred during the RACROUTE processing. The default TRACEing option is POST|AFTER security validation processing occurred. You can change the TRACE option to PRE|BEFORE or ALL so the RACROUTE call can be captured (traced) prior to security validation processing occurring.

Solution:

The ACF2 SECTRACE operator command includes a TRACE operand which controls whether to capture(trace) RACROUTE calls prior to or after security validation processing occurs. The syntax is as follows:

TRACE=PRE|BEFORE|POST|AFTER|ALL

  • PRE|BEFORE - Specifies that the event is trapped before security validation or processing occurs.
  • POST|AFTER - Specifies that the event is trapped after security validation or processing occurs.
  • ALL - Indicates that the event is trapped before and after all security validation or processing occurs.

For example:

sectrace set,id=test,type=safp                                             
nn CAS21200 SPECIFY RACROUTE PARAMETERS, CANCEL OR END                     
r nn,request=auth,status=access,end                                        
nn CAS21100 CONTINUE SECTRACE SPECIFICATIONS, CANCEL, OR END               
r nn,TRACE=ALL,end                                                         
CAS21110 SECTRACE SET ON mm.ddd hh:mm:ss ID=TEST                           

To delete the SECTRACE, specify:

sectrace delete,id=test

Details on ACF2 SECTRACE and the ACF2 Security for z/OS System Programmer Guide in Chapter 6: Special Usage Consideration, section "Tracing SAF Requests".

Environment

Release:
Component: ACF2MS