I am using MQ-Series heavily on a production system. We are seeing thousands of Audit records being cut in to the SMF data for report ACFRPTRV. Should I code a SAFDEF record to ignore the call to clean this up?

Document ID : KB000039057
Last Modified Date : 14/02/2018
Show Technical Document Details

Question 

I am using MQ-Series heavily on a production system. We are seeing thousands of Audit records being cut in to the SMF data for report ACFRPTRV.  Should I code a SAFDEF record to ignore the call to clean this up?

 

Answer:  

No, there is a parameter in MQ-Series to turn this off. Per MQ Documentation: WebSphere MQ 8.0.0>IBM MQ>Security>Setting up security>Setting up security on z/OS>Auditing considerations>Auditing RESLEVEL section.

You can decide whether to produce RESLEVEL audit records by setting the RESAUDIT system parameter to YES or NO. If the RESAUDIT parameter is set to NO, audit records are not produced. For more details about setting this parameter, see "Using CSQ6SYSP" section.

If RESAUDIT is set to YES, no normal external security audit records are taken when the RESLEVEL check is made to see what access an address space user ID has to the hlq.RESLEVEL profile. Instead, MQSeries requests that external security create a GENERAL audit record (event number 27). These checks are only carried out at connect time, so the overhead should be minimal.