What is the EXAMMON address space and how is it used in CA Auditor?

Document ID : KB000027017
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

EXAMMON is a special long-running address space used by the new CA Auditor z/OS UNIX Analysis and Baseline Historical Analysis features.

Solution:

EXAMMON and z/OS UNIX Analysis
When EXAMMON is used in conjunction with the z/OS UNIX analysis feature, a TSO or batch user running CA Auditor uses z/OS cross-memory services to communicate with the EXAMMON address space.

EXAMMON and Baseline Historical Analysis
When EXAMMON is used in conjunction with the baseline historical analysis feature, the EXAMMON address space is used as a workload scheduler to facilitate the automatic submission of batch jobs to perform the actual baseline analysis and comparison functions. The CA Auditor functions for baseline processing are selected with definitions in the POLICY file.

The baseline analysis feature can automatically perform a subset of the CA Auditor functions. This feature requires:

  • A data set for the JCL procedures and other related files

  • A baseline analysis policy file to the long-running EXAMMON address space by means of its POLICY file

The EXAMMON Address Space
Both the z/OS UNIX analysis and baseline historical analysis features need EXAMMON. The EXAMMON address space is a special APF-authorized address space that provides secure access to authorized functions.

EXAMMON is a long-running address space that cannot be completely removed until the system is re-IPL'd. The EXAMMON procedure allocates 1K of subpool=241 key=zero ECSA storage which remains allocated for the duration of the IPL.

The EXAMMON procedure starts the long-running EXAMMON address space. Update the EXAMMON JCL procedure by adding:

  • DD statement for the POLICY DDNAME, specifying the name of the POLICY data set you created.

  • The following DD statement after the POLICY DDNAME:
    //INTRDR DD SYSOUT=(A,INTRDR)

To run EXAMMON:

  • The EXAMMON address space callers must be authorized.

  • The TSO user running CA Auditor must have READ access to the EXAMMON.BPXEKDA SAF resource.

  • The EXAMMON address space requires a userid configured for each ESM to run under.

If the EXAMMON address space is shutdown while another address space connected to it, message: IEF352I ADDRESS SPACE UNAVAILABLE is displayed. No action is required.

EXAMMON Setup:

  1. APF-authorize the CA Auditor execution load library (AUD.EXAMINE.LOAD for non-SMP/E installation, or AUD.EXAMINE.CAILOAD for SMP/E installation).

  2. Open the EXAMMON procedure supplied in the:

    • AUD.EXAMINE.PROCS library (non-SMP/E installations).

    • prefix.EXAMINE.CAIPROC library (SMP/E installations).

  3. Customize EXAMMON procedure:

    • Define a userid the EXAMMON procedure will run under

    • Modify the STEPLIB DD statement to refer to the appropriate data set containing the authorized CA Auditor load modules (normally CAI.EXAMINE.CAILOAD

  4. Configure the userid for each ESM.

  5. EXAMMON to an appropriate system procedure library (for example, SYS1.PROCLIB).