Re: Disposition of Log data in ISPF Panel

2007-02-17 Thread Joel C. Ewing
If you can locate the ISPF panel(s) that allow setting of the log 
options, you could have an installation-customized version of the panel 
that eliminates all options but 3.  To initially set up users, you 
would either have to somehow force each user to select option 3 or 
locate and change the appropriate character in their profile dataset to 
set that lock option (hint, the field values are a letter, not the 
digits 1-4).


But,...
if your intent is for this to be an audit trail, not a diagnostic tool, 
forget it.  Any sequential dataset that the user can create and log 
records to, he can also wipe records from.  Also I don't think there is 
any easy way you can prevent the user from using LOG KEEP to create a 
new log file and then just completely deleting the old LOG.  One would 
have to assume that any user savvy enough to be a risk requiring an 
audit trail would also be savvy enough to purge any incriminating ISPF 
log entries.  Also you would have to daily offload and purge the log 
datasets if using option 3, to avoid them filling up.


We have one case where we have used ISPF LOG retention:  One marginally 
trained, clerical-type, ISPF user was periodically complaining she had 
created some PDS member months ago and it had since disappeared.  SMF 
data showed no one else touching the dataset.  To track down what was 
really going on, we forced the user's profile into LOG mode 4 (to 
avoid one dataset filling up), implemented a nightly batch process using 
batch REXX to archive all the user's daily LOG files into a daily GDG 
and delete old LOG files, and modified an installation edit macro that 
is invoked on entering EDIT or VIEW to create an ISPF LOG entry with the 
dataset/member name (ISPF by default creates a log entry only when a 
member is saved).  Now if a similar complaint occurs, we can verify 
whether the described member ever was really edited, and if so, whether 
it was ever saved.  We also suggested (once again) several possible ways 
the user could have failed to save their data.  Amazingly enough the 
problem has yet to re-occur now that the user knows logging is in place.


Another problem with ISPF logging is that the data is very limited 
(e.g., no data on panels used or panel field values), so unless you have 
installation dialogs written to log things of interest, you get a very 
limited view of what went on in the ISPF session.  This feature appears 
to be intended more for logging diagnostic information than for an 
activity audit trail.


Jacky Bright wrote:

Like deletion of TSO datasets. Issuing TSO commands etc.

These activities are recorded in log dataset when user logs off from the
system
dataset name like user.SPFLOG1.LIST

When user logs off user gets following option
1. Print data set and delete
2. Delete data set without printing
3. Keep data set - Same
   (allocate same data set in next session)
4. Keep data set - New
   (allocate new data set in next session)

I want to disable 1 , 2 and 4 option.
JAcky



On 2/14/07, Binyamin Dissen [EMAIL PROTECTED] wrote:


On Wed, 14 Feb 2007 12:28:28 +0530 Jacky Bright [EMAIL PROTECTED]
wrote:

:I want to force all my TSO users to keep TSO Log dataset so that
activities
:carried out by all TSO users can be recorded.

What activities?

:AS of now all users are able to delete the datasets while logging off
from
:the system.

Also during the run.

They also can turn off logging.

:How to configure this ?

What data are you truly trying to collect?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

...
--
Joel C. Ewing, Fort Smith, AR [EMAIL PROTECTED]

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
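
The edit-macro step described in the message above (writing an ISPF log entry with the dataset/member name on entry to EDIT or VIEW), sketched as an added example; it is not code from the thread or from any poster's installation. It assumes the macro is configured as the site-wide initial edit macro and that the generic ISPF message ISRZ002 is used to carry the text.

```rexx
/* REXX - ISPF edit macro: log the data set/member on entry to EDIT/VIEW */
/* Added example. Assumptions: run as the installation's initial edit    */
/* macro; generic message ISRZ002 (uses ZERRSM/ZERRLM) carries the text. */
Address ISREDIT
"MACRO"
"(SESS) = SESSION"                 /* session type, e.g. EDIT or VIEW    */
"(DSN) = DATASET"                  /* data set currently being edited    */
"(MEM) = MEMBER"                   /* blank for a sequential data set    */

If Strip(mem) <> '' Then
  target = dsn || '(' || Strip(mem) || ')'
Else
  target = dsn

Address ISPEXEC
"CONTROL ERRORS RETURN"            /* a logging failure must not end the */
                                   /* user's edit session                */
zerrsm   = ''                      /* no short message                   */
zerrlm   = sess 'entered:' target  /* text written to the ISPF log       */
zerralrm = 'NO'
zerrhm   = '*'
"LOG MSG(ISRZ002)"                 /* LOG service: write message to log  */
Exit 0
```

As the thread points out, the user owns the log data set and can alter or delete it, so entries written this way are diagnostic evidence rather than a tamper-resistant audit trail.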


Re: Disposition of Log data in ISPF Panel

2007-02-16 Thread Shmuel Metz (Seymour J.)
In [EMAIL PROTECTED], on
02/14/2007
   at 12:28 PM, Jacky Bright [EMAIL PROTECTED] said:

I want to force all my TSO users to keep TSO Log dataset

There is none. You're probably thinking of the ISPF log.

AS of now all users are able to delete the datasets while logging
off from the system.

If you mean exiting ISPF, you probably can't prevent it.

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)



Re: Disposition of Log data in ISPF Panel

2007-02-16 Thread Jim McAlpine

We send our ISPF LOG and LIST datasets to SYSOUT.  You could send them to
some protected output class and archive them if necessary.

Jim McAlpine


On 2/14/07, Jacky Bright [EMAIL PROTECTED] wrote:


Hi,

I want to force all my TSO users to keep TSO Log dataset so that
activities
carried out by all TSO users can be recorded.

AS of now all users are able to delete the datasets while logging off from
the system.

How to configure this ?

JAcky



Re: Disposition of Log data in ISPF Panel

2007-02-16 Thread Ed Philbrook
Keepers of the LOG,

What if the ISPF user sets their primary and secondary LOG pages 
both to zero, no log? 

EdP




Jim McAlpine [EMAIL PROTECTED] wrote on 02/16/2007 12:00 PM:

We send our ISPF LOG and LIST datasets to SYSOUT.  You could send them to
some protected output class and archive them if necessary.

Jim McAlpine


On 2/14/07, Jacky Bright [EMAIL PROTECTED] wrote:

 Hi,

 I want to force all my TSO users to keep TSO Log dataset so that
 activities
 carried out by all TSO users can be recorded.

 AS of now all users are able to delete the datasets while logging off 
from
 the system.

 How to configure this ?

 JAcky



Re: Disposition of Log data in ISPF Panel

2007-02-16 Thread Ted MacNEIL
What if the ISPF user sets their primary and secondary LOG pages both to zero, 
no log? 

It is sometimes just the task of finding the correct wrench to drive in the 
proper nail.

Using the ISPF log as a security tool is such a task.

RACF can authenticate.
SMF can journal.


-
Too busy driving to stop for gas!  



Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread Binyamin Dissen
On Wed, 14 Feb 2007 12:28:28 +0530 Jacky Bright [EMAIL PROTECTED]
wrote:

:I want to force all my TSO users to keep TSO Log dataset so that activities
:carried out by all TSO users can be recorded.

What activities?

:AS of now all users are able to delete the datasets while logging off from
:the system.

Also during the run.

They also can turn off logging.

:How to configure this ?

What data are you truly trying to collect?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.



Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread Jacky Bright

Like deletion of TSO datasets. Issuing TSO commands etc.

These activities are recorded in log dataset when user logs off from the
system

dataset name like user.SPFLOG1.LIST

When user logs off user gets following option

1. Print data set and delete
2. Delete data set without printing
3. Keep data set - Same
   (allocate same data set in next session)
4. Keep data set - New
   (allocate new data set in next session)

I want to disable 1 , 2 and 4 option.


JAcky



On 2/14/07, Binyamin Dissen [EMAIL PROTECTED] wrote:


On Wed, 14 Feb 2007 12:28:28 +0530 Jacky Bright [EMAIL PROTECTED]
wrote:

:I want to force all my TSO users to keep TSO Log dataset so that
activities
:carried out by all TSO users can be recorded.

What activities?

:AS of now all users are able to delete the datasets while logging off
from
:the system.

Also during the run.

They also can turn off logging.

:How to configure this ?

What data are you truly trying to collect?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel




Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread Binyamin Dissen
On Wed, 14 Feb 2007 17:16:59 +0530 Jacky Bright [EMAIL PROTECTED]
wrote:

:Like deletion of TSO datasets. Issuing TSO commands etc.

The former is easily handled by checking SMF.

As to the latter - They might be recordable in SMF as well. But - why? Which
commands are you interested in? What is special about them?

:These activities are recorded in log dataset when user logs off from the
:system

:dataset name like user.SPFLOG1.LIST

:When user logs off user gets following option

: 1. Print data set and delete
: 2. Delete data set without printing
: 3. Keep data set - Same
:(allocate same data set in next session)
: 4. Keep data set - New
:(allocate new data set in next session)

:I want to disable 1 , 2 and 4 option.

It also can be easily removed by issuing the LOG DELETE command. And, of
course, there are settings.

Also, it can easily be altered to produce whatever one wants it to contain.

It is not intended for the use you wish to make of it. You have to think of
what you truly wish to do, and why.

As a side point - you can use ISPF exits to track much of this. But as ISPF is
a problem state program, it is quite easy to spoof the exits.

:On 2/14/07, Binyamin Dissen [EMAIL PROTECTED] wrote:

: On Wed, 14 Feb 2007 12:28:28 +0530 Jacky Bright [EMAIL PROTECTED]
: wrote:

: :I want to force all my TSO users to keep TSO Log dataset so that
: activities
: :carried out by all TSO users can be recorded.

: What activities?

: :AS of now all users are able to delete the datasets while logging off
: from
: :the system.

: Also during the run.

: They also can turn off logging.

: :How to configure this ?

: What data are you truly trying to collect?

--
Binyamin Dissen [EMAIL PROTECTED]
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel




Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread Alan Schwartz
Depending on the size initially allocated these files will reach 16 
extents quickly.  What are you prepared to do to save and reallocate?

Alan Schwartz
Assurant Shared Business Services
Lead Systems Programmer
Phone:  651-361-4758
Fax:   651-361-5625



Jacky Bright [EMAIL PROTECTED] wrote on 02/14/2007 05:46 AM:

Like deletion of TSO datasets. Issuing TSO commands etc.

These activities are recorded in log dataset when user logs off from the
system

dataset name like user.SPFLOG1.LIST

When user logs off user gets following option

 1. Print data set and delete
 2. Delete data set without printing
 3. Keep data set - Same
(allocate same data set in next session)
 4. Keep data set - New
(allocate new data set in next session)

I want to disable 1 , 2 and 4 option.


JAcky





Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread McKown, John
 -Original Message-
 From: IBM Mainframe Discussion List 
 [mailto:[EMAIL PROTECTED] On Behalf Of Jacky Bright
 Sent: Wednesday, February 14, 2007 5:47 AM
 To: IBM-MAIN@BAMA.UA.EDU
 Subject: Re: Disposition of Log data in ISPF Panel
 
 
 Like deletion of TSO datasets. Issuing TSO commands etc.
 
 These activities are recorded in log dataset when user logs 
 off from the
 system
 
 dataset name like user.SPFLOG1.LIST
 
 When user logs off user gets following option
 
  1. Print data set and delete
  2. Delete data set without printing
  3. Keep data set - Same
 (allocate same data set in next session)
  4. Keep data set - New
 (allocate new data set in next session)
 
 I want to disable 1 , 2 and 4 option.
 
 
 JAcky

Silly, IMO. The person can still use the LOG command to force ISPF to
switch to a new log. Then use option 3.4 to find the old log and delete
it from there.

Oh, and I doubt there is a way to stop this. At least with RACF, if the
HLQ of a dataset is the same as the user's RACF id, then the implicit
authority is ALTER, even if there exists a RACF profile which says
something else. The dataset profile is ignored in this case.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology



Re: Disposition of Log data in ISPF Panel

2007-02-14 Thread Ted MacNEIL
I want to disable 1 , 2 and 4 option.

Why?
Most of that activity is journalled in SMF.

What are you going to do with the logs?
Read them; archive them?

-
Too busy driving to stop for gas!  



Disposition of Log data in ISPF Panel

2007-02-13 Thread Jacky Bright

Hi,

I want to force all my TSO users to keep TSO Log dataset so that activities
carried out by all TSO users can be recorded.

As of now all users are able to delete the datasets while logging off from
the system.

How to configure this ?

JAcky
