IBM Support

CEMT audit trail

Technote (FAQ)


Question

When using CICSPlex SM (CPSM) to do something like NEWCOPY a program, you do not see any record of the command. You are looking for some way to record the command in an audit trail. You are wondering if CMAS journaling (parameter: JRNLOPACT) might do this or if there is another option?

Answer

The CMAS EYUPARMs JRNLDEFCH, JRNLOPACT, and JRNLRTAEV can be used to cause journaling of CPSM definition changes, operator actions, and RTA events respectively. The JRNLOPACT would show a NEWCOPY action. See CMAS journaling in the CICS information center for more details.

To enable journaling support for operation requests, you need to specify the EYUPARM JRNLOPACT(YES) in each CMAS where you want to track operation requests. When the CPSM EYUPARM JRNLOPACT is set to YES, then during the CMAS startup, CPSM will attempt to open Journal EYUJRNL. To define the EYUJRNL Journal Model, you can use any Logstream name you like. CPSM sample job EYUJRNE$, in dataset CICS.SEYUSAMP(EYUJRNE$), shows a JournalModel definition that you could use for defining this.

The information above relates to CICSPlex SM, but there is currently no audit trail provided by CICS for recording CEMT commands. If you would like to open a request for enhancement, you can go to http://www.ibm.com/developerworks/rfe/ and submit a request.

In the meantime, you could define a PROFILE with MSGJrnl=INPut|Output|INOut and have the CEMT transaction use this PROFILE. The Journal(nn) in this PROFILE will be the Message Journal Log. The CEMT screens are written to this journal. You could use this for an audit trail. The task id, transaction id, and terminal id are journaled, but the userid is not recorded.

With CICS Transaction Server for z/OS (CICS TS) V4.1, and later, CICS can keep track of details about when each resource was defined, installed, and last changed. See The CHANGEAGENT, CHANGEAGREL, CHANGETIME, CHANGEUSRID, and CREATETIME attributes section in the CICS information center for more details.

Alternatively, you could create your own CEMT transaction that would point to a new program that you create. In your program, you could first do an EXEC CICS RECEIVE INTO(INPUT-MSG). Then your program could examine the INPUT-MSG, and if it is the command you want to record, your program could write it to MSGUSR. Then your program could do an EXEC CICS XCTL PROGRAM('DFHEMTP') INPUTMSG(INPUT-MSG) to pass control to the master terminal program. This customized version of CEMT will act the same way as the CICS supplied CEMT, it just does one thing extra to examine the input command text and write it to MSGUSR. If you do this, you have to remember you cannot change the IBM supplied profiles, so you would need to create your own group with a CEMT transaction and that transaction definition would point to your own program.

Product Alias/Synonym

CICS/TS CICS TS CICS Transaction Server

Document information

More support for: CICS Transaction Server
Journal

Software version: 3.1, 3.2, 4.1, 4.2

Operating system(s): z/OS

Reference #: 1575569

Modified date: 29 March 2012


Translate this page: