What is the new AUDIT component of CA SYSVIEW?
search cancel

What is the new AUDIT component of CA SYSVIEW?

book

Article ID: 54600

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu Cross Enterprise Application Performance Management (APM) SYSVIEW Performance Management NXBRIDGE - SYSVIEW/ENDEVOR

Issue/Introduction

Description:
The new AUDIT component of CA SYSVIEW is automatically started at STC initialization, and will create Audit Event records for pre-defined system altering actions available in the product.

 

Environment

SYSVIEW 16.0 & 17.0 - Common Services 15.0 - z/OS supported releases -

Resolution

Solution:
The CA SYSVIEW Audit Event component lets record events or actions occurring within CA SYSVIEW that change resources.

The Audit Event can be used to view and control the historical audit activities.

The AUDIT configuration information, which can be dynamically modified via the AUDITDEF command, is saved to the Persistent Data Store when the AUDIT task is terminated or can be done manually using the SAVE subcommand of the AUDITDEF command.
From the AUDITDEF command, the options for each Audit Event that occurs  can be changed where any or all of the following can be done: 
Write a record to SMF recording the event.
Write a record to the logstream recording the event.
Notify CA OPS/MVS of the event.
Issue a WTO message recording the event.

For example if a user issues the ADD subcommand of the APFLIST primary command to add a dataset to the APFLIST, and AUDIT is active for this action (by default it is), an entry should be seen on the AUDITLOG for that add.

Additional information contained in the log record is:
JobId            The job ID from where the event record was created
ASID            The ASID of the job from where the event record was created.
Terminal       The terminal name from where the event record was created.
Interface       The interface name from where the event record was created.
Profile           The profile name of the user that created the event record.
SecGroup     The security group of the user that created the event record.
UserName    The user name that created the event record.
Type             The record type.
Length          The record length
Wishing to turn off auditing use the AUDITDEF command to set entries ACTIVE or INACTIVE as desired.
Wishing to to make all entries inactive, enter the following commands from the AUDITDEF display:
FILL ACTIVE INACTIVE 1-9999
SAVE