General SMF record type statement
The SMF record type statement processes System Management Facilities (SMF) record types from IBM and other vendors. Each SMF record has a specific record type and message data format.
BMC AMI Defender processes the SMF record types that are referenced in the following diagram and listed in the syntax descriptions.
For information about filterSpecification, see FILTER-and-MATCH-parameters.
For a list of supported SMF types, see Supported-API-event-types-SMF-types-and-associated-process-tags.
The following table provides details about non-IBM SMF record types and other parameters:
Parameter | Description |
---|---|
SMF ABEND-AID(recordType) | Must code as shown. Compuware Abend-AID SMF records can be written by the Compuware Abend-AID product. (For details, see the appropriate Compuware Abend-AID documentation.) Code a single numeric value between 128 and 255. If the record type is omitted, the default value is 205. |
SMF SESSMON(recordType) | Must code as shown. Security Session Monitor SMF records can be written by the BMC AMI Security Session Monitor product. (For details, see the BMC AMI Security Session Monitor documentation.) Code a single numeric value between 128 and 255. If the record type is omitted, the default value is 220. |
SMF CORRELOG(recordType) | Must code as shown. SMF CORRELOG records can be written by the BMC AMI Defender product. (For more information, see IND-defender.) Code a single numeric value between 128 and 255. If the record type is omitted, the default value is 202. |
SMF DIAG(recordType) | Must specify as shown. The SMF DIAG statement is intended for diagnostic purposes. The default severity value is DEBUG. There is no default for the SMF record type. For the record type, code a single numeric value between 0 and 255 indicating the SMF record type that you want to monitor. If you code more than one SMF statement for the same record type, a subsequent SMF statement replaces any SMF statements for that record type that came before. |
FACILITY(facilityName) | Specifies the RFC 3164 facility that is to be indicated as the origin of the syslog messages corresponding to the indicated SMF records. If you omit this parameter, the default value is LOGALERT or as shown in the table. If you want a different facility indicated, code one of the RFC 3164 facility names as listed in Syslog-facilities-and-severities. |
FIELDs(fieldName…) | Specifies the names of the SMF record fields that are to be transmitted to the BMC Defender Server or other syslog console, and the order in which they are to appear in the message. Specify one or more of the fields as described in FIELDS-parameter. You can specify fields only if they are appropriate to the SMF record type; for example, you can specify SMF18JBN for SMF 18, but not for SMF 14 or any other record type. |
filterSpecification | For information about filterSpecification, see FILTER-and-MATCH-parameters. |
INHibit | Specifies that the writing of the specified SMF record type to the SMF data set or log stream is to be inhibited by BMC AMI Defender. The specified SMF record type is processed by BMC AMI Defender, but then inhibited from further processing by SMF. |
LOG \| LOG(HEX) | Specifies that the selected SMF records are to be logged on CZAPRINT and optionally dumped in hexadecimal and character format. This parameter is intended primarily for diagnostic purposes. Use care in specifying LOG(HEX) because it can generate a large volume of print records, especially if BMC AMI Defender is left running for several hours or more. |
PROCess('processTag') | Specifies the tag that appears at the start of the syslog messages for the indicated SMF record type, following the priority, timestamp, and host name, and preceding the formatted fields. Specify the exact process tag that you want to include in syslog messages, including any spaces and punctuation. A process tag can be any length from the null string ('') to 32 characters. If PROCess is omitted, the default value is as specified in the Supported-API-event-types-SMF-types-and-associated-process-tags topic, followed by the leading delimiter from OPTIONS DELIM. |
SEVerity(severity) | Specifies the syslog severity (for record types without subtypes) or the default severity (for record types with subtypes). See Syslog-facilities-and-severities. You can also code SUPPRESS. SUPPRESS indicates that, by default, records are not formatted and forwarded to the syslog server at all. If you omit SEVerity, the default value is as described under each record-type description. |
SUBTypes | Specifies one or more SMF record subtypes and the syslog severity to be assigned to them. This parameter is valid only for SMF record types that include subtypes. Record types 7, 14, 15, 17, 18, 60, 61, 62, 64, 65 and 66 do not contain subtypes. BMC Defender SMF records are always written as subtype 1. The subtype default values for each record type are listed under the description of that record type. Specify the subtype or subtypes in one or more of the following formats.<br>SEVerity(severity) specifies the syslog severity for the specified record subtypes. See Syslog-facilities-and-severities. You can also code DEFAULT or SUPPRESS. DEFAULT indicates that the severity default value is the defined severity; SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all. If TRACE(PARM) is in effect, the effect of any SUBTypes and SEVerity parameters is indicated by message CZA0069I, as in the following example:<br>CZA0069I SMF_T42 Maximum Subtype 30<br>CZA0069I Subtype 0 Severity DEFault<br>CZA0069I Subtype 1 Severity SUPpress<br>... |
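
The rules in the table can be checked mechanically before a parameter change is deployed. The following added example (not BMC code) reviews statements that have already been parsed into dictionaries and reports which ones are rejected, replaced, or change what reaches SMF and syslog. The dictionary layout, the function names and the sample input are assumptions, and the replacement rule is applied as stated in the SMF DIAG row.

```python
# Added example (hypothetical names and dict layout, not BMC AMI Defender code).
# kind -> (lowest allowed record type, default record type or None)
KINDS = {"ABEND-AID": (128, 205), "SESSMON": (128, 220),
         "CORRELOG": (128, 202), "DIAG": (0, None)}
NO_SUBTYPES = {7, 14, 15, 17, 18, 60, 61, 62, 64, 65, 66}

def resolve_type(stmt):
    """Return the SMF record type a statement applies to, or raise ValueError."""
    low, default = KINDS[stmt["kind"]]
    rtype = stmt.get("record_type", default)
    if rtype is None:
        raise ValueError(f"{stmt['kind']}: no default, a record type must be coded")
    if not low <= rtype <= 255:
        raise ValueError(f"{stmt['kind']}: record type {rtype} outside {low}-255")
    return rtype

def review(statements):
    """Return (effective statement per record type, findings for a human reviewer)."""
    effective, findings = {}, []
    for pos, stmt in enumerate(statements, 1):
        try:
            rtype = resolve_type(stmt)
        except ValueError as err:
            findings.append(f"#{pos} rejected: {err}")
            continue
        if rtype in effective:  # a later statement replaces the earlier one
            findings.append(f"#{pos} replaces earlier statement for type {rtype}")
        if len(stmt.get("process", "")) > 32:
            findings.append(f"#{pos} process tag longer than 32 characters")
        if stmt.get("subtypes") and rtype in NO_SUBTYPES:
            findings.append(f"#{pos} SUBTypes coded, but type {rtype} has no subtypes")
        if stmt.get("inhibit"):
            findings.append(f"#{pos} INHibit: type {rtype} is not written to SMF")
        if stmt.get("severity") == "SUPPRESS":
            findings.append(f"#{pos} type {rtype} is not forwarded to syslog")
        if stmt.get("log") == "HEX":
            findings.append(f"#{pos} LOG(HEX) can generate a large print volume")
        effective[rtype] = stmt
    return effective, findings

# Constructed sample input, not taken from a real parameter file.
SAMPLE = [
    {"kind": "SESSMON"},                                  # type 220 by default
    {"kind": "ABEND-AID", "record_type": 100},            # below 128
    {"kind": "DIAG", "record_type": 220, "log": "HEX"},   # same type as #1
    {"kind": "DIAG", "record_type": 14, "subtypes": [1], "inhibit": True},
]

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)[1]))
```

The INHibit and SUPPRESS findings are the ones to review most closely, because each removes a record type from one of the two places it would otherwise be recorded.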