Specifying the level of audit logging
You can control the amount of audit logging that CICS® performs for each process, using the AUDITLOG and AUDITLEVEL attributes of the PROCESSTYPE definition.
- When a process is first defined, BTS obtains the audit level and audit log information for the process from the installed PROCESSTYPE definition, and copies it into the process record. During the lifetime of the process, this copy of the audit information is used to determine auditing. If the auditing information is changed by, for example, a CEMT SET PROCESSTYPE command, this does not affect existing processes.
- If an installed PROCESSTYPE definition does not specify a CICS journal name in its AUDITLOG field, CICS does not do any audit logging for processes and activities of that type until the definition is replaced with one that does contain the name of an audit log.
- The AUDITLOG field must not specify the SMF data set.
- Several process-types can share the same audit log.
- In a sysplex, different parts of a process might run on different CICS regions. If you want to write audit records for all the parts, you must ensure that all the regions have the same audit log information in their installed PROCESSTYPE definitions. However, see Audit trail constraints when using DASD-only log streams.
- ACTIVITY
- Specifies activity-level auditing. Audit records are written from:
- The process audit points
- The activity primary audit points.
- Whenever a process of this type:
- Is defined
- Is requested to run
- Is requested to link
- Is acquired
- Completes
- Is reset
- Is canceled
- Is suspended
- Is resumed
- Each time data is placed in a process container belonging to a process of this type—that is, each time a PUT CONTAINER PROCESS or PUT CONTAINER ACQPROCESS command is issued against a process of this type
- Each time a process container belonging to a process of this type is deleted
- Each time a root activity (DFHROOT) of this type of process is activated.
- Every time a non-root activity belonging to a process of this
type:
- Is requested to link
- Is activated
- Completes.
- FULL
- Specifies full auditing. Audit records are written from:
- The process audit points
- The activity primary and secondary audit points.
- Whenever a process of this type:
- Is defined
- Is requested to run
- Is requested to link
- Is acquired
- Completes
- Is reset
- Is canceled
- Is suspended
- Is resumed
Each time data is placed in a process container belonging to a process of this type
Each time a process container belonging to a process of this type is deleted
Each time a root activity (DFHROOT) of this type of process is activated
- Every time a non-root activity belonging to a process of this
type:
- Is defined
- Is requested to run
- Is requested to link
- Is activated
- Completes
- Is acquired
- Is reset
- Is canceled
- Is suspended
- Is resumed
- Is deleted.
- OFF
- Specifies that no audit trail records are written. This is the default value.
- PROCESS
- Specifies process-level auditing. Audit records are written from
the process audit points only. That is, an audit record is written
whenever a process of this type:
- Is defined
- Is requested to run
- Is requested to link
- Is acquired
- Completes
- Is reset
- Is canceled
- Is suspended
- Is resumed
Each time data is placed in a process container belonging to a process of this type
Each time a process container belonging to a process of this type is deleted
Each time a root activity (DFHROOT) of this type of process is activated
You must choose a level of auditing that suits your needs. The more records that are written to the audit log, the longer your business transaction takes to run. The fewer records written, the less information there is for auditing or diagnostic purposes.
To reset the AUDITLEVEL attribute of an installed PROCESSTYPE definition, use the CEMT SET PROCESSTYPE command. Changes are preserved across a restart of CICS. Changes to an installed PROCESSTYPE definition do not affect existing processes.
- CICS issues an error message.
- Auditing for processes of this process-type is suspended until the audit error is corrected and a CEMT SET JOURNALNAME(journal) ACTION(RESET) command is issued. If the reset completes successfully, auditing is resumed and a CICS message is issued to this effect. Some audit records are lost.