ACFRPTPP - The Preprocessor
The ACFRPTPP record preprocessor utility reduces overhead when you want to run multiple report generators using the same SMF data. ACFRPTPP accepts files of SMF records and separates these records into intermediate files. Other report generators use these intermediate files and avoid reading through all of the SMF records. In addition, each intermediate file is sorted into a unique sequence appropriate for the intended report program.
The preprocessor also generates two special files. One file is used as input to the CA ACF2 report writer and CA Earl.
CA ACF2 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
The ACFRPTPP privileges and restrictions validated as part of report processing when RPTSCOPE is specified depends on the particular report using the intermediate files of the ACFRPTPP report. The preprocessor uses all the SMF record types and matches the user's authorities and scopes against these records.
Running the Report Using ISPF Panels
You can use the ACFRPTPP ISPF panel to create your input for the report. The following parameters can be found on the ACFRPTPP ISPF panel.
OUTPUT DATA SET NAMES
The files shown on the panel are standard CA ACF2 defined. You can define additional files as needed.
Specifies whether the output DSNS should be deleted.
When you have completed entering data on the first panel, press Enter and enter additional data entry.
SPECIFY SMF INPUT DATA SET NAMES (RECIN1 IS REQUIRED)
For an explanation of the options available, see Input and Output Files for Report Generators in Reporting.
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTPP. For example, if you specify TEST as the output list name, your output list data set name is
Specifies information for a particular data set or group of data sets. This function is useful when investigating the accesses to a particular user's data sets. For example, to run a report of SYS1 data set loggings, specify MASK(SYS1.-). The default is all data sets.
Indicates if LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS1.9 and higher when the SNF data is being captured by a LGR LOGSTREAM structure. When Y is specified an ACFRPTAL is displayed to provide specific logstream parameters.
Running the Report Using JCL
You can use JCL to run the ACFRPTPP utility. To run the ACFRPTPP report, see the documentation about using sample JCL to execute reports. The following are the parameters for this report.
Specifies that records being selected be limited to a logonid, or group of logonids. This parameter can produce the full set of CA ACF2 reports for an individual logonid or a set of logonids to all jobs.
ACFRPTPP accepts the following parameters.
Input and Output Files
ACFRPTPP uses the SYSPRINT, SYSIN, and RECxxxxx files as described in the documentation about input and output files for report generators.
These ddnames identify the files containing the input SMF records, as described in the documentation about input and output files for report generators. ACFRPTPP accepts one SMF input file per ddname. Do not concatenate SMF input files.
ACFRPTPP uses the SYSPRINT file for message and summary report output.
ACFRPTPP creates intermediate files identified by ddnames that begin with the characters SMF. Use these files to collect any combination of SMF records desired. Use these files as input to sort procedures, CA ACF2 report generators, and user-developed programs.
The following standard files are CA ACF2-defined:
- SMFAR-Rule database modification journal records
- SMFDA-MLS Dirauth event records
- SMFCR-TSO command trace records
- SMFDR-data set and program area records
- SMFDR1-data set access logging records
- SMFDR2-data set access violation records
- SMFDR3-data set access trace records
- SMFDR4-program access violation and logging records
- SMFER-Infostorage database modification journal records
- SMFFLT-flat file records for CA Earl processing
- SMFJR-Logonid database modification journal records
- SMFNR-environment records
- SMFOR-USS records
- SMFPR-system entry violation records
- SMFSR-System Authorization Facility (SAF) trace event records
- SMFTR-restricted logonid journal records
- SMFVR-generalized resource facility (GRF) event journal records
- SMFZR-DDB journal records
Define Additional Files
Define additional files by including one or more ddnames with the following formats:
Specifies the number of the particular SMF record type to extract. The ddname includes a number ranging from 0 to 255 that identifies the selected record type. For example, a file with the ddname SMF#0 collects type 0 records (system IPLs).
Collects from one to four CA ACF2 SMF record subtypes in a single data set. Each suffix letter in the ddname can specify a valid CA ACF2 SMF record subtype. For example, the following are some ddnames of this format and a description of the corresponding CA ACF2 SMF record subtype:
- SMF$A-GSO initialization
- SMF$G-GSO record processing
- SMF$AG-both GSO initialization and GSO record processing
Specifies the contents of the file of extracted records. Use any combination of one to five characters (excluding $ or ddnames for standard, CA ACF2-defined files previous listed under
SMFxxxxx. When using this ddname format, specify the SMFxxxxx(nnn|x,...,nnn|x, “description”) report parameter described later in this section. This parameter defines the records collected in the user-defined file.
With the exception of the SMFFLT files, the DCB attributes for both CA ACF2 and user-defined intermediate files are LRECL=32756, RECFM=VBS, and BLKSIZE=3665. The BLKSIZE can be overridden.
The DCB attribute for SMFFLT is RECFM=VB. The BLKSIZE and LRECL must be specified in JCL. The LRECL must be large enough to accommodate the largest record. We recommend LRECL=32756,BLKSIZE=32760.
If you omit any of the ddnames for any of these intermediate files, ACFRPTPP does not process that file. However, ACFRPTPP produces a summary of all input SMF records encountered, regardless of record number or applicability to an output file.
Description of Record
Access Rule database modification journal record
TSO command trace record
Data set access event journal record
MLS Dirauth event records
TSO command trace record
Infostorage modification journal record
Flat file records for CA Earl processing or ACFRPTWS utility
Logonid database modification journal record
CA ACF2 environment record
System entry violation journal record
CA Statistics record
System Authorization Facility (SAF) trace event records
Restricted Logonid trace record
Generalized resource event journal record
DDB Journal records
For the parameters listed, you can specify the name with the characters
SMFomitted, for example, AR(230).
Use the following parameters alternately:
Specifies the record number or numbers for CA ACF2 SMF record types written by all releases of CA ACF2. For example, SMF$R(223,230) defines the record numbers for Rule database modification records produced by any release of CA ACF2. This parameter is equivalent to specifying the parameter SMFAR(223,230).
Use commas or spaces to separate multiple record numbers in this parameter. The characters
SMFcan be omitted from the name of this parameter, for example, $R(223,230)
To specify the combined record number (CA ACF2-defined default of 230), use the SELECT parameter. The SELECT parameter, described in the following, lets you define the combined record number for several CA ACF2 record types simultaneously.
Defines the contents of an intermediate output file with a ddname format of SMF
xxxxx(described in the previous section). The letters “
xxxxx” correspond with the last one to five characters of the ddname. For example, this parameter is SMFTEST if the corresponding ddname of the file is SMFTEST.
In parentheses are the SMF record numbers (
nnn) or letter code (
x) (separated by commas or spaces) that define which SMF record types are collected in the intermediate file. You can specify up to 16 selections. See the table on the previous page for record numbers and letter codes. For example, SMFTEST(0,R,“TEST FILE”) specifies a file of system IPL and Access Rule database modification records. The description, TEST FILE, appears on the ACFRPTPP summary report. The description can be up to 16 characters long.
You can substitute any pair of delimiting characters for the double quotes surrounding the file description. The placement of the second delimiter marks the end of the description. For instance, SMFTEST(0,R,”TEST” FILE) results in the description TEST on the ACFRPTPP summary report. The remaining characters, FILE, are ignored and considered as a comment. If omitted, the second delimiter is treated as if it were placed just before the closing parenthesis. Be careful when using single quotes as a delimiter, since single quotes might be confused with other delimiting single quotes in the JCL PARM field. Single quotes should always be coded in pairs (that is, a closing quote should always be coded).
You can specify this parameter name with the characters
SMFomitted, for example, TEST(0,R,”SHORT FORM”)
Specifies the record numbers associated with the combined record type. Separate multiple record numbers with commas. By default, the combined record number is 230, as specified in the CA ACF2 field of the supplied @SMF macro in the ACFFDR. This parameter must specify the CA ACF2 combined record number that was in effect when the SMF records were written.
The defaults for the SMF
xxxxxand SELECT parameters are in effect only when CA ACF2 is running or when the ACFFDR is available (loadable) on the CPU that is executing the ACFRPTPP utility. If
anySMF record number is specified using these parameters, the numbers of
allSMF records to be processed must be explicitly specified; no default record numbers are in effect.
Since the ACFRPTPP utility acts as a preprocessor for the other CA ACF2 report generators, the SDATE, EDATE, STIME, and ETIME parameters specified for ACFRPTPP might override the SDATE and EDATE parameters specified for the individual report generator. For example, an SDATE of 098010 for ACFRPTPP would mean that an SDATE of 098001 for a report generator would have no effect.
The following sample output is in three parts.
Part 1 of 3.
<acf> Security - ACFRPTPP - SMF RECORD PRE-PROCESSOR - PAGE 1 DATE 12/20/05 (05.354) TIME 07.33 *-- RECORD SELECTION SUMMARY - BY DDNAME --* DDNAME DESCRIPTION COUNT SELECTION SMFAR RULES DB LOG 00 R,230-* SMFCR COMMAND TRACE 00 T,230-* SMFDA SECLBL COMPARES 00 U,230-* SMFDR1 DATASET LOGS 538 D,230-* SMFDR2 DATASET VIOS 00 D,230-* SMFDR3 DATASET TRACE 00 D,230-* SMFDR4 PGMNAME LOG/VIO 00 D,230-* SMFER INFO-STG DB LOG 237 E,230-* SMFFLT SMF FLAT FILE 3,493 D,P,V,R,L,A,E,J,O,T,Z,S,U,W,230-* SMFJR LOGONID DB LOG 175 L,230-* SMFNR ACF2 ENVIRONMENT 2,353 A,G,00,07,230-* SMFOR OMVS EVENTS 10 O,230-* SMFPR SYSTEM ENTRY VIO 05 P,230-* SMFSG STATISTICS RPT 86 W,230-* SMFSR SAF TRACE 07 S,230-* SMFTR RESTRICTED LIDS 00 J,230-* SMFVR RESOURCE LOG/VIO 105 V,230-* SMFZR DIST DATABASE 00 Z,230-* * - INDICATES ACF2 COMBINED SMF NUMBER --- TOTAL RECORDS PROCESSED --- READ=20,879 SELECTED=3,517 WRITTEN=7,010
Part 2 of 3.
<acf> SECURITY - ACFRPTPP - SMF RECORD PREPROCESSOR - PAGE 2 DATE 12/20/05 (05.354) TIME 07.33 *-- SMF RECORDS INPUT SUMMARY - BY DDNAME --* [---------- STARTING ----------] [----------- ENDING -----------] DDNAME [---PHYSICAL---][---LOGICAL----] [---PHYSICAL---][---LOGICAL---] DATE TIME DATE TIME DATE TIME DATE TIME RECMAN1 12/06/05 10.40 12/06/05 10.40 12/20/05 07.32 12/20/05 07.32
Part 3 of 3.
<acf> SECURITY - ACFRPTPP - SMF RECORD PREPROCESSOR - PAGE 3 DATE 12/20/05 (05.354) TIME 07.33 *-- SMF RECORDS INPUT SUMMARY - BY TYPE --* --0-- --1-- --2-- --3-- --4-- --5-- --6-- --7-- --8-- --9- 0- 24 0 0 0 165 165 0 0 24 0 10- 0 0 0 0 2379 571 0 66 0 3213 20- 1129 0 24 26 0 0 0 0 0 0 30- 1650 0 19 0 20 19 0 0 0 0 40- 2080 68 2280 22 0 0 0 0 0 0 50- 31 0 0 0 0 0 0 0 0 0 60- 412 75 532 0 413 63 37 0 0 0 70- 0 0 0 0 0 0 0 0 0 0 80- 0 0 0 0 0 0 0 0 0 83 90- 188 0 1608 0 0 0 0 0 0 0 100- 0 0 0 0 0 0 0 0 0 0 110- 0 0 0 0 0 0 0 0 0 0 120- 0 0 0 0 0 0 0 0 0 0 130- 0 0 0 0 0 0 0 0 0 0 140- 0 0 0 0 0 0 0 0 0 0 150- 0 0 0 0 0 0 0 0 0 0 160- 0 0 0 0 0 0 0 0 0 0 170- 0 0 0 0 0 0 0 0 0 0 180- 0 0 0 0 0 0 0 0 0 0 190- 0 0 0 0 0 0 0 0 0 0 200- 0 0 0 0 0 0 0 0 0 0 210- 0 0 0 0 0 0 0 0 0 0 220- 0 0 0 0 0 0 0 0 0 0 230- 3493 0 0 0 0 0 0 0 0 0 240- 0 0 0 0 0 0 0 0 0 0 250- 0 0 0 0 0 0 --0-- --1-- --2-- --3-- --4-- --5-- --6-- --7-- --8-- --9--
ACFRPTPP Field Descriptions
RECORD SELECTION SUMMARY
BY DDNAME-Lists, by ddname, each file that is provided for ACFRPTPP output (that is, those ddnames that begin with SMF). For each file, the report provides a description, the number of records written into the file, and the corresponding SMF record number or CA ACF2 subtype of records requested for the file.
TOTAL RECORDS PROCESSED
Shows the total number of records that were:
- Read from all of the SMF input files (ddname formats of RECxxxxx)
- Selected from the input records for the purpose of output
- Written to all of the output intermediate files
SMF RECORDS INPUT SUMMARY
BY DDNAME-Shows the ddname of each SMF input file processed by ACFRPTPP. For each file, this section shows the physical starting and ending date and time, which is both the date and time that the first and last records were written. This section also shows the logical starting and ending date and time, which is both the date and time from the earliest and latest records in the file.
SMF RECORDS INPUT SUMMARY-BY TYPE
Shows the number of records read for each SMF record type. The types are identified by SMF record number (IBM record type field of the record). To interpret which record number corresponds with each total shown on the table, add the number to the left of the row where the total appears to the number at the top of the column where the total appears.