How to use the SECDEBG security debugging trace in CA TPX?

Document ID : KB000024218
Last Modified Date : 23/02/2018
Show Technical Document Details
Question:

How to start a SECDEBG trace?

    Environment:
    CA TPX for z/OS
    Answer:
    SECDEBG is an enhanced security debugging trace. CA Support may request you to provide this trace output in order to diagnose problems.


    Before starting a SECDEBG trace, gather the following information:
    • Is ACL/E authorized? This is necessary to do the SECDEBG trace.
      • Look for message TPX9925 OPTION ACLE OF CA-TPX IS AUTHORIZED
    • What is your Command Key? This can usually be found on the CA-TPX Main Menu at the top.
      • Example: CMDKEY=PF12 
    • What is your Command Character? This can usually be found on the CA-TPX Main Menu at the top.
      • Example: CMDCHAR=/


    To execute the SECDEBG trace, do the following:
    1. Start a TPXOPER session. 
    2. At the command line, enter the following command: /S SECDEBG(press PF12) 
      • no blanks after the letter G. 
      • CMDCHAR = / 
      • CMDKEY = PF12 
      • S = is the command to start an ACL. 
      • SECDEBG is the ACL program to be run.
    3. The following screen displays:
    TENSECDB                TPX Enhanced Security Debugging 
                                                            
    Overtype appropriate data, then press F9.               
                                                            
    Debugging parameters                                     
                                                            
      Turn on Security Trace . . . . . . . N      (Y/N)     
                                                            
      Decrypt Passwords in Trace . . . . . N      (Y/N)     
                                                            
      Trace Maximum Output . . . . . . . . N      (Y/N)     
                                                            
      Initial Trace Output Done  . . . . . N      (Y/N)     

     
    4. Change all Ns to Ys and press the PF9 key to update. (You may leave Decrypt Passwords in Trace set to N.)
     
    The SECDEBG trace is now turned on.

    To turn off the SECDEBG trace, follow the same instructions as above changing all Ys to Ns then press the PF9 key to update.  The trace output is sent to the TPX LOG.

    Send the log for review after the trace is complete.
     
    NOTE:
    • When this trace is started, all user signons are traced. After the trace is started, sign on the problem userid as quickly as possible and then turn the trace off. 
    • The userid setting the trace should be different than the userid who will create the scenario for the trace to capture. 
    • SECDEBG is not set for any particular userid.