On Mon, 29 Jan 2007 22:48:34 +0100, Jon Renton wrote: >- Why? We want to "trap" calls to certain 3rd party products and log these. >This is a standard auditing requirement and is not illegal. The use of this >information must of course be closely controlled to avoid any misuse. No >one worries above auditing in for example RACF. This is not an ethical >problem but is now determined in part by legal requirements such as SOX. Do these 3rd party products have defined exit points that might happen to allow for the logging as a part of an intended interface? That would seem to me to be the most obvious answer. And on the off-chance that they have no exit(s) currently, make it a requirement of the vendor (ISV) to provide for the exit that you need. They might say "No" in which case you either (a) rally their customer base to raise it as a community requirement or (b) pay some money for the RPQ to their product for the required exit facility. In other words, try working with the vendor(s) and see if it doesn't turn out to be one of the best ideas THEY ever had. >- The possible approaches discussed all have one negative aspect - they can >require changes to load modules, JCL, scripts, programs calls, etc. The >problem is that the source of the calls are not always known. Furthermore >such changes can be a maintenance overhead (eg. after applying updates). A >simple rename would in part solve the problem - is too easy to get around.
Maybe not; see my suggestion above. -- Tom Schmidt Madison, WI ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
