I want to log the use of a few programs in my system and have written resource rules to ALLOW and LOG the access, but I do not see any loggings. I only see loggings when TRACE is added to the LOGONID record. How can this be done?

Document ID : KB000025718
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

I want to log the use of a few programs in my system and have written resource rules to ALLOW and LOG the access, but I do not see any loggings. I only see loggings when TRACE is added to the LOGONID record. How can this be done?

 

Answer:  

Program validations are issued by Contents Supervisor as RACROUTE REQUEST=FASTAUTH calls that normally are not logged. CA-ACF2 r12 and above includes an enhancement that allows the LOG parameter of the FASTAUTH call to be overridden to force loggings.

CA ACF2 has been enhanced to include support to allow the LOG field in the GSO CLASMAP record to override the LOG parameter and treat it as LOG=ASIS on a matching RACROUTE REQUEST=FASTAUTH call. It is also applicable to RACROUTE REQUEST=AUTH calls).

The internal GSO CLASMAP for the RESOURCE(PROGRAM) is mapped to TYPE(PGM) and defaults to NOLOG. To override the internal CLASMAP record, you can do an INSERT of a GSO CLASMAP for RESOURCE(PROGRAM) TYPE(PGM) with LOG as follows.

 ACF
 SET CONTROL(GSO)
 INSERT CLASMAP.pgm RESOURCE(PROGRAM) RSRCTYPE(PGM) ENTITYLN(8) LOG
 F ACF2,REFRESH(CLASMAP)

Additional Information:

For more information on the CLASMAP LOG parameter, see the CA ACF2 for z/OS Administrator Guide, Chapter 5: Understanding SAF, section 'Translating Resource Classes (CLASMAP)'.