Suppress certain Audit records

Document ID : KB000014704
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Can you limit auditing?

Question:

When a user has the AUDIT attribute, can you control limit the auditing for that user?

Answer:


Since you have the AUDIT attribute, all access activity is being logged.

There is no built in functionality in CA Top Secret that can granulize auditing. It all or nothing.

A user written TSSINSTX exit could be written to suppress the logging to the Audit Tracking File for the user.


The following is sample Assembler code to suppress OK+B records:

Example:

If Acid = *BYPASS*
or if Pgm = IKJEFT01 and running as batch job.
VIOLATN DS 0H
ICM R5,15,TXA#FLOG R5 = Addr Fast Logging Buffer
USING FLOG,R5 Map Buffer
TM FLIND1,$FLBYPSS Bypass Security ?
BZ LOGIT no, log this event
ICM R3,15,TXA#ACID R3 = Addr Acid
CLC 0(8,R3),=CL8'*BYPASS*' Acid *BYPASS* ?
BE NOLOG Y, don't log
CLC FLPGM,=CL8'IKJEFT01' TMP ?
BNE LOGIT N, log this event
CLI FLTYPNUM,C'J' TMP Batch ?
BE NOLOG Y, don't log
B LOGIT N, log it
NOLOG B EXIT4 Bypass logging
LOGIT B EXIT0 log this event

You can modify it to suppress OK+A records for your acid instead of OK+B records.

The mapping of the CA Top Secret Installation Exit parameter list is in the CA Top Secret Optional Materials Library in member #INSTXPL.

Please note that any changes to the Installation Exit are supposed to be user written and not supported by CA. The above code is a sample and not supported by CA.

The CA Top Secret Installation Exit is documented in CA Top Secret User Guide.