Reading the CA Top Secret SECTRACE.
The following trace event represents a violation that is showing up on a TSSUTIL EVENT(VIOL) report, but it shows up on the Compliance Event Manager. I assume that this is due to the LOG= setting, could you help me interpret the TRACE event:
X TSS-C-0888*USERA USERA T SDSF 202E G/0400000000,0000000000 L/F08802 F/00200320,000100,0021,000000
X TSS-1 400000000000 00000000 T/8000000003 ISFAUTH.DEST..DATASET.JESYSMSG
X TSS-2 060000 R/1288C0 S/600100,0A8020800000 N509FJD2 A/990080 P/ISPTASK ,B122,ISFMAIN ,PDF F/80208680
X TSS-4 02000000 008FC680 7E752050 REQ/ISFOPDST SUB/
I could not find the 'rr' of 2E as well as I could not find the 'l1' of 'F0' in the documentation. Can you help identify these
x'2E' is the FACILITY id. Issue a TSS MODIFY FACILITY(ALL) which will give a list of all active FACILITYs. Look for a FACILITY with 'ID=2E'.
x'F0' are switches or bit settings.
The following bits are on:
◦10 audited event
◦20 real return code passed
◦40 forced log-out
x'10' + x'20' + x'40' + x'80' = x'F0'