TSSOERPT Utility

The TSSOERPT batch utility processes security-related activity recorded in SMF data sets to monitor user activity in a UNIX System Services (USS) environment. CA Top Secret logs security events under this environment to SMF using standard CA Top Secret SMF type 231 records. By default, log records are written for any security event that denies the ACID access to a USS function or resource. These records can assist you in determining the UID and GID of the ACID that was involved in the attempted access. The TSSOERPT utility uses type 231 SMF records. To get output for this report, you must be logging type 231 records to SMF.
ctsfz
The TSSOERPT batch utility processes security-related activity recorded in SMF data sets to monitor user activity in a UNIX System Services (USS) environment. CA Top Secret logs security events under this environment to SMF using standard CA Top Secret SMF type 231 records. By default, log records are written for any security event that denies the ACID access to a USS function or resource. These records can assist you in determining the UID and GID of the ACID that was involved in the attempted access. The TSSOERPT utility uses type 231 SMF records. To get output for this report, you must be logging type 231 records to SMF.
For sites with specific reporting requirements for activity in a USS environment, use the following members to produce customized reports on USS:
  • S231DESC (provided in the CAKOJCL0 library) -- Describes how to use the S231ASS, TSSSMFOX, and #SMF80 members.
  • S231ASSM (provided in the CAKOSRC0 library) -- Sample BAL source to map the SMF type 231 records
  • TSSSMFOX (provided in the CAKOMAC0 library) -- Mapping macro for the SMF type 231 record extension
  • #SMF80 (provided in the CAKOMAC0 library) -- Mapping macro for the SMF type 231(and 80) base record
For z/OS 1.9 and above, SMF data may be sent to the LOGGER services controlling the write of SMF data in LOGSTREAM structures. SMF data will not be recorded in the usual SYS1.MANx data sets. The TSSRPTST utility is able to read the data when:
  • The LOGR services are active on the system with the definitions that contains the SMF data.
  • A LOGR subsystem is active on the system
  • An IEFSSNxx member is defined and activated at IPL time with the definition:
    SUBSYS SUBNAME(LOGR) INITRTN(IXGSSINT)
    The RECxxxxx DD used to read the data has the format:
    //RECxxxxx DD DSN=IFASMF.DATA.LOGSTRM,DISP=SHR, // SUBSYS=(LOGR,IFASEXIT,subsys-options1,subsys-options2)
    Description of SUBSYS options-1 includes:
    [FROM={({[yyyy/ddd][,hh:mm[:ss]] }) | OLDEST}] [TO={({[yyyy/ddd][,hh:mm[:ss]] }) | YOUNGEST}] [,DURATION=(nnnn,HOURS)] [,VIEW={ACTIVE|ALL|INACTIVE}] [,GMT|LOCAL]
The subsys-options1 parameters used by the IBM IFASEXIT are the same as those used by the IFBSEXIT. For information on the parameters for IFBSEXIT, see IBM's
MVS Diagnosis: Tools and Service Aids
.