RSTDSEG applies to restricted segments only, that is, those defined with CLASS R, like GCS
You'd need to audit DIAG64 (refer to RACF's auditor's guide for more details)
Create a profile in the VMXEVENT class (if you don't have one yet):
RAC RDEFINE VMXEVENT MYEVENTS
Then change the content to tell what needs to be monitored/audited
RAC RALTER VMXEVENT MYEVENTS ADDMEM(DIAG64/AUDIT)
Then tell RACF to use (refresh) this events profile:
RAC SETEVENT REFRESH MYEVENTS
I don't know which information will be recorded in the SMF file; consult the Auditor's Guide to find out how to use the report writer to read the SMF file, or create a PIPE to filter what you need yourself.
Kris,
IBM Belgium, VM customer support
Colin Allinson <[EMAIL PROTECTED]>
Sent by: The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> 19/09/2006 14:21
On 17/09/2006 at 04:14 Alan Altmark <[EMAIL PROTECTED]> wrote:
>An external security manager such as RACF can audit all accesses to any
>particular NSS or DCSS.
>Alan Altmark
>z/VM Development
>IBM Endicott
This would be useful as we have RACF. Can you give me any guidance on how to set this up? I am guessing it has something to do with setting VMXEVENT monitoring of RSTDSEG - but I have not worked it out yet (I seem to need to raise my base level of knowledge on the workings of RACF!!).
Colin Allinson
Amadeus Data Processing