What is the new AUDIT component of CA SYSVIEW?
search cancel

What is the new AUDIT component of CA SYSVIEW?

book

Article ID: 54600

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu Cross Enterprise Application Performance Management (APM) SYSVIEW Performance Management NXBRIDGE - SYSVIEW/ENDEVOR

Issue/Introduction

Description:
The new AUDIT component of CA SYSVIEW r12.0 is automatically started at STC initialization, and will create Audit Event records for pre-defined system altering actions available in the product.

Solution:
The CA SYSVIEW Audit Event component lets you record events or actions occurring within CA SYSVIEW that change resources. You can then use the Audit Event displays to view and control the historical audit activities.

The AUDIT configuration information, which can be dynamically modified via the AUDITDEF command, is saved to the Persistent Data Store when the AUDIT task is terminated or can be done manually using the SAVE subcommand of the AUDITDEF command.
From the AUDITDEF command, you can change the options for each Audit Event that occurs where you can do any or all of the following:
Write a record to SMF recording the event.
Write a record to the logstream recording the event.
Notify CA OPS/MVS of the event.
Issue a WTO message recording the event.

For example if a user issues the ADD subcommand of the APFLIST primary command to add a dataset to the APFLIST, and AUDIT is active for this action (by default it is) you would see an entry on the AUDITLOG for that add.

Additional information contained in the log record is:
JobId            The job ID from where the event record was created
ASID             The ASID of the job from where the event record was created.
Terminal        The terminal name from where the event record was created.
Interface       The interface name from where the event record was created.
Profile           The profile name of the user that created the event record.
SecGroup       The security group of the user that created the event record.
UserName       The user name that created the event record.
Type             The record type.
Length           The record length
If you wish to turn off auditing use the AUDITDEF command to set entries ACTIVE or INACTIVE as desired.
If you wish to make all entries inactive, enter the following commands from the AUDITDEF display:
FILL ACTIVE INACTIVE 1-9999
SAVE

Environment

Release:
Component: CA90S
Powered by Wolken Software