Send TSS messages to Z/OS syslogd daemon

Document ID : KB000110145
Last Modified Date : 22/08/2018
Show Technical Document Details
Introduction:
How to send TSS violation messages to a SIEM system (Splunk) outside z/os using syslogd services
Question:
We want to send TSS violation messages to a SIEM system (Splunk) outside z/os using syslogd services. Can TSS send the violation messages to a local syslog in Z/OS. 
Environment:
z/os
Answer:
You can send some violation messages via the LOG control Option by setting SEC9: 
SEC9 
Routes the following violation summary messages to the security console through route code 9: 
TSS7100E 
TSS7220E 
TSS7200E 
TSS7250E 

Here is the link for the SEC Control Option: 
https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/specifying-control-options-to-modify-your-security-environment/logcontrol-event-logging