TSSTRACK Utility

ctsfz
TSSTRACK allows administrators and auditors to monitor security-related events in real time for one or more systems. Information is obtained from the CA Top Secret Audit/Tracking File, providing you with a complete, up-to-date display of violations and other audited events. A single terminal can be used to monitor activity on all systems using CA Top Secret and a common Audit/Tracking File.
As distributed, this utility is executable under TSO and CICS. TSSTRACK can be used at both 3270 terminals with 80 or 132 character widths or non-3270 terminals under TSO. Only 3270 terminals are supported under CICS. TSSTRACK supports up to 30 CPUs.
TSSTRACK is designed primarily for continuous monitoring of security-related events. If you wish to extract information about particular events, execute the batch TSSUTIL program. You cannot run TSSTRACK from RACF/SAC compatibility mode.
Considerations
The following considerations affect the TSSTRACK utility:
  • Security related events are displayed in chronological order as found in the Audit/Tracking File(s). No sorting is performed.
  • Report and tracking depends greatly upon the correct specification of logging options. The LOG option lets you request the type of events to be logged; specify where logging information is recorded; and choose where violation notification is to be made.
  • The following logging options are required to obtain security information:
    • LOG(INIT,...) requests logging of all job/session initiations and terminations.
    • LOG(SMF,...) requests SMF recording in addition to logging on the Audit Tracking File.
  • Each facility can be separately monitored.
  • To obtain audited events, you must be auditing resources and/or user activity.
  • The security authority under which TSSTRACK is executed.
Types of Security Events to Interrogate
TSSTRACK reads Audit/Tracking files (ATFs) to obtain information about security events for the administrator. Use this utility to interrogate:
  • Live security events against the current audit file
  • Historical security events against ATFs no longer in use.
Authority and Scope
To use TSSTRACK, you must be defined as a security administrator (SCA, LSCA, ZCA, VCA or DCA) or the MSCA and have the following administrative authority:
TSS ADMIN(acid) ACID(REPORT,AUDIT) RESOURCES(REPORT,AUDIT)
A user with no administrative authority may use TSSTRACK if given USE access to entity TSSUTILITY.TSSTRACK in the CASECAUT resource class. This access may be granted by an administrator using the following command:
TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSTRACK) ACCESS(USE)
Only those events associated with ACIDs within your scope are tracked. For example, a divisional administrator receives information only about events involving ACIDs in her division. (The scope of authority is determined by the assigned ACID type when you were defined to CA Top Secret.)