Specifying the level of audit logging

You can control the amount of audit logging that CICS® performs for each process, using the AUDITLOG and AUDITLEVEL attributes of the PROCESSTYPE definition.

For detailed information about defining process-types, see CEDA DEFINE PROCESSTYPE. However, note the following considerations:
  • When a process is first defined, BTS obtains the audit level and audit log information for the process from the installed PROCESSTYPE definition, and copies it into the process record. During the lifetime of the process, this copy of the audit information is used to determine auditing. If the auditing information is changed by, for example, a CEMT SET PROCESSTYPE command, this does not affect existing processes.
  • If an installed PROCESSTYPE definition does not specify a CICS journal name in its AUDITLOG field, CICS does not do any audit logging for processes and activities of that type until the definition is replaced with one that does contain the name of an audit log.
  • The AUDITLOG field must not specify the SMF data set.
  • Several process-types can share the same audit log.
  • In a sysplex, different parts of a process might run on different CICS regions. If you want to write audit records for all the parts, you must ensure that all the regions have the same audit log information in their installed PROCESSTYPE definitions. However, see Audit trail constraints when using DASD-only log streams.
The AUDITLEVEL option of the PROCESSTYPE definition allows you to specify one of four logging levels for processes of the defined type:
ACTIVITY
Specifies activity-level auditing. Audit records are written from:
  1. The process audit points
  2. The activity primary audit points.
That is, an audit record is written:
  1. Whenever a process of this type:
    • Is defined
    • Is requested to run
    • Is requested to link
    • Is acquired
    • Completes
    • Is reset
    • Is canceled
    • Is suspended
    • Is resumed
  2. Each time data is placed in a process container belonging to a process of this type—that is, each time a PUT CONTAINER PROCESS or PUT CONTAINER ACQPROCESS command is issued against a process of this type
  3. Each time a process container belonging to a process of this type is deleted
  4. Each time a root activity (DFHROOT) of this type of process is activated.
  5. Every time a non-root activity belonging to a process of this type:
    • Is requested to link
    • Is activated
    • Completes.
FULL
Specifies full auditing. Audit records are written from:
  1. The process audit points
  2. The activity primary and secondary audit points.
That is, an audit record is written:
  1. Whenever a process of this type:
    • Is defined
    • Is requested to run
    • Is requested to link
    • Is acquired
    • Completes
    • Is reset
    • Is canceled
    • Is suspended
    • Is resumed

    Each time data is placed in a process container belonging to a process of this type

    Each time a process container belonging to a process of this type is deleted

    Each time a root activity (DFHROOT) of this type of process is activated

  2. Every time a non-root activity belonging to a process of this type:
    • Is defined
    • Is requested to run
    • Is requested to link
    • Is activated
    • Completes
    • Is acquired
    • Is reset
    • Is canceled
    • Is suspended
    • Is resumed
    • Is deleted.
OFF
Specifies that no audit trail records are written. This is the default value.
PROCESS
Specifies process-level auditing. Audit records are written from the process audit points only. That is, an audit record is written whenever a process of this type:
  • Is defined
  • Is requested to run
  • Is requested to link
  • Is acquired
  • Completes
  • Is reset
  • Is canceled
  • Is suspended
  • Is resumed

Each time data is placed in a process container belonging to a process of this type

Each time a process container belonging to a process of this type is deleted

Each time a root activity (DFHROOT) of this type of process is activated

Note: If you specify any value for AUDITLEVEL other than OFF, you must also specify the AUDITLOG option of the PROCESSTYPE definition.

You must choose a level of auditing that suits your needs. The more records that are written to the audit log, the longer your business transaction takes to run. The fewer records written, the less information there is for auditing or diagnostic purposes.

To reset the AUDITLEVEL attribute of an installed PROCESSTYPE definition, use the CEMT SET PROCESSTYPE command. Changes are preserved across a restart of CICS. Changes to an installed PROCESSTYPE definition do not affect existing processes.

If a request to write an audit record fails:
  • CICS issues an error message.
  • Auditing for processes of this process-type is suspended until the audit error is corrected and a CEMT SET JOURNALNAME(journal) ACTION(RESET) command is issued. If the reset completes successfully, auditing is resumed and a CICS message is issued to this effect. Some audit records are lost.