File-AID/MVS audit trail exit


Warning

Standard File-AID audit trail file processing does not require an audit trail exit.

The Audit Trail Exit is only required if you wish to modify the default behavior of the standard File-AID/MVS audit file processing.

However, the Audit Trail Exit is required if you want to enable SMF recording.

The File-AID audit trail exit, XFAAUAXA, is linked into load module XFAAUAXF and called dynamically after allocating the input data set for Browse, Edit, and the Search/Update utility. There is no default audit trail exit shipped with File-AID/MVS. By default, audit trail records are created for both online and batch processing to a File-AID/MVS audit file when the appropriate audit parameter is specified. You can provide a customized Audit Trail Exit to alter the default behavior of audit file processing. You must provide an Audit Trail Exit to enable SMF recording.

Important

SMF Recording Function (Optional)

File-AID can create SMF records for all data sets that are accessed by Browse, Edit, or the Search/Update utility. The File-AID SMF records provide information on who accessed a data set and which records were modified. Refer to File-AID-MVS-SMF-recording-function for instructions to enable SMF recording for File-AID/MVS.


Important

If you plan on using a custom audit trail exit from a File-AID release prior to Release 9.4, you must copy, then rename the load module to XFAAUAXF.

The audit trail exit can be customized for the following purposes:

  • To force the creation of an audit trail for a specific data set, group of data sets, and/or group of users.
  • To force automatic printing of the audit trail report and specify whether to retain the audit trail dataset after printing.
  • To limit creation of audit trails to either online or batch, check the ONLINE/BATCH INDICATOR input parameter (see ONLINE/BATCH INDICATOR).
  • To override the audit trail dataset name that is constructed by File-AID.

Important

The audit trail dataset name must be unique. Each time the audit trail is used, File-AID generates a new data set name. We recommend employing the date and time stamp as part of this data set name.

When auditing is requested, File-AID allocates the audit trail dataset dynamically. If you’re using batch, the TSO-ID is interpreted as the JOB NAME minus one character, which means the TSO-ID part of the batch job name is actually included as the first qualifier in the audit data set name. If this is not acceptable, there is an Audit file prefix parameter that allows you to replace part of the default audit file data set name up to a total length of 23 characters. This is described under Audit File Prefix Parameter in AUDIT (AUD).

Important

Audit exits may need to be rewritten if eight byte user IDs (z/OS 2.3 and later) are in use.

If your TSO prefix matches your user ID, the audit trail dataset name is:

   TSO-ID.FILEAID.AUDT.Dyymmdd.Thhmmss.Msss

TSO-ID

TSO user ID, up to seven characters, or up to eight characters if eight character user ID has been implemented with z/OS 2.3 or later.

Dyymmdd

Gregorian date on which the audit trail is created.

Thhmmss

Hour, minute, and second the audit trail is created.

Msss

Millisecond the audit trail is created.

TSO-prefix

TSO user prefix, up to 7 characters, or up to 8 characters if 8 character user ID has been implemented with z/OS 2.3 or later.

If your TSO-prefix does not match your user ID and the audit data set name does not exceed 44 characters, the audit trail dataset name is:

tso-prefix.TSO-ID.FILEAID.AUDT.Dyymmdd.Thhmmss.Msss

When the TSO-prefix is included and the construction of the audit data set name exceeds 44 characters, then millisecond will be omitted. For example, if you had a 4 character tso-prefix and a 5 character tso-id, millisecond would be included. If you had a 4 character tso-prefix and a 7 character tso-id, millisecond would be omitted.

tso-prefix.TSO-ID.FILEAID.AUDT.Dyymmdd.Thhmmss
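The naming rules above, as an added example that is not part of the original page or of File-AID itself: one function builds the default name, including the 44-character rule that drops the millisecond qualifier, and one recovers the user ID and creation time from a name when reviewing a list of audit data sets. The function names and sample values are assumptions, and names changed by the Audit file prefix parameter or by an exit are not covered.

```python
import re
from datetime import datetime

MAX_DSN = 44  # limit the page gives for the audit data set name

def audit_dsn(tso_id, when, tso_prefix=None):
    """Build the default audit trail DSN for a user and creation time."""
    quals = [tso_id, "FILEAID", "AUDT",
             when.strftime("D%y%m%d"), when.strftime("T%H%M%S")]
    if tso_prefix and tso_prefix != tso_id:
        quals.insert(0, tso_prefix)          # prefix differs from the user ID
    full = ".".join(quals + ["M%03d" % (when.microsecond // 1000)])
    # Over 44 characters the millisecond qualifier is dropped, so the name
    # then only resolves to one second.
    return full if len(full) <= MAX_DSN else ".".join(quals)

_DSN = re.compile(r"^(?:(?P<prefix>[^.]{1,8})\.)?(?P<tso_id>[^.]{1,8})"
                  r"\.FILEAID\.AUDT\.D(?P<d>\d{6})\.T(?P<t>\d{6})"
                  r"(?:\.M(?P<ms>\d{3}))?$")

def parse_audit_dsn(dsn):
    """Recover prefix, user ID and creation time from a default-format name."""
    m = _DSN.match(dsn.strip().strip("'").upper())
    if not m:
        return None                          # not a default-format audit DSN
    when = datetime.strptime(m["d"] + m["t"], "%y%m%d%H%M%S")
    when = when.replace(microsecond=int(m["ms"] or 0) * 1000)
    return {"prefix": m["prefix"], "tso_id": m["tso_id"], "created": when}

# Constructed sample values (not from the page).
if __name__ == "__main__":
    ts = datetime(2024, 3, 5, 14, 7, 9, 123000)
    for uid in ("USER1", "USER123"):
        name = audit_dsn(uid, ts, "ABCD")
        print(len(name), name, parse_audit_dsn(name)["created"])
```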

The audit trail exit can also be customized to implement the optional File-AID SMF recording function.

The audit trail exit is called from browse for the purpose of checking the optional SMF recording function (file access recording). File-AID does not currently support audit reporting from SMF.

Important

Non-reentrant load modules can reside in an APF library. However, if a load module is marked by the linkage editor as reentrant, then it must actually be reentrant if it resides in an APF library.

The audit trail exit parameter list is described in Audit Exit Parameter Layouts. All fields in the parameter list are prefilled with a necessary process value or default value. Any field in the audit trail exit can be modified. Security parameters and fields unrelated to the audit trail process are ignored by File-AID when processing the audit trail.

Important

  • The audit exit should be reentrant.
  • Do not use any run-time compiler debugging options when compiling a COBOL audit exit.

Installing the Audit Exit

The File-AID sample library (hlq.SXVJSAMP) provides sample audit trail exits in Assembler, COBOL, and PL/I, together with JCL to compile and link-edit each exit, as shown in the following table. In addition, the sample library contains a sample dynamic SMF user exit in Assembler and the corresponding JCL. Refer to File-AID-MVS-SMF-recording-function for instructions to enable SMF logging for File-AID/MVS.

Sample Audit Exits and JCL

| Exit Source Name | Compile/Link JCL Name | Description |
|---|---|---|
| XFAAUAXA | XFALKAUA | Assembler sample audit exit |
| XFAAUAXC | XFALKAUC | COBOL sample audit exit |
| XFAAUAXP | XFALKAUP | PL/I sample audit exit |
| XFASMFUX | XFALKSMF | Assembler sample dynamic SMF user exit |

Audit Exit Parameter Layouts

Input Parms

Audit Exit Input Parms Layout

| Description | Position | Len | Format | Values |
|---|---|---|---|---|
| EXIT TYPE | 1 | 1 | CHAR | R Audit Trail Allocation |
| USER ID | 2 | 7 | CHAR | 7 character TSO Userid. PARM8UID is now used instead. Do not change. PARMUSER is kept for compatibility reasons. |
| FUNCTION NUMBER | 9 | 1 | CHAR | Browse; Edit; Search/Update utility |
| ONLINE/BATCH INDICATOR | 10 | 1 | CHAR | Online operation; Batch operation |
| File-AID VERSION | 11 | 5 | CHAR | Version number of File-AID in use (i.e. 23.01). |
| FILE TYPE | 16 | 1 | CHAR | Data file data set |
| FULLY QUALIFIED DSN | 17 | 44 | CHAR | Edit DSN without quotes and including TSO prefix if appropriate. |
| DATASET ORGANIZATION | 61 | 2 | CHAR | AM VSAM dataset; DA BDAM dataset; PO Partitioned dataset; PS Sequential dataset |
| VOLUME SERIAL | 63 | 6 | CHAR | The volume serial number of the disk or tape that contains the data set. |
| PASSWORD | 69 | 8 | CHAR | The password for OS password protected data sets. |
| READ ONLY INDICATOR | 77 | 1 | CHAR | Read-only; Update |
| PARM8UID | 164 | 8 | CHAR | 8 character TSO Userid |
| PARM8FLG8 | 172 | 1 | CHAR | 8 character TSO Userid indicator. Indicates exit is able to handle 8 character Userid. |

INPUT/OUTPUT PARMS - EXIT TYPE R

Audit Exit Input/Output Parms Exit Type R Layout

| Description | Position | Len | Format | Values |
|---|---|---|---|---|
| AUDIT TRAIL DSN | 87 | 46 | CHAR | Audit Trail DSN to be allocated, with quotes and including TSO prefix if appropriate. |
| SLIB MEMBER NAME | 133 | 8 | CHAR | Default is FAJCAUDR. You can override with a different SLIB member. |
| CREATE AUDIT TRAIL INDICATOR | 141 | 1 | CHAR | Input value is the value from the Edit - Dataset Specification or Search/Update screen. You can override with one of the following: Y -- Create an audit trail. N -- Do not create an audit trail. |
| FORCE PRINT INDICATOR | 142 | 1 | CHAR | N -- Default; does not force printing of the audit trail dataset. K -- Forces printing and keeps the audit trail report. D -- Forces printing and deletes the audit trail dataset. Any other value in this position keeps the audit trail without printing. |
| SMF USER EXIT NAME | 143 | 8 | CHAR | Default is spaces for dynamic SMF user exit program name. |
| SMF RECORD CODE | 151 | 3 | CHAR | Default is 170 for SMF record code. |
| CREATE SMF RECORDS FOR BROWSE | 154 | 1 | CHAR | N -- Default; does not create SMF records for browse. Y -- Creates SMF records for browse. |
| CREATE SMF RECORDS FOR EDIT | 155 | 1 | CHAR | N -- Default; does not create SMF records for edit. Y -- Creates SMF records for edit. |
| CREATE SMF ACCESS RECORDS | 156 | 1 | CHAR | The access record is always created when a file is edited and the CREATE SMF RECORDS FOR EDIT flag is Y, even if this flag is set to N. N -- Default; does not create SMF access record. Y -- Creates SMF access record. |
| CREATE SMF FIELD UPDATE RECORDS | 157 | 1 | CHAR | Note: If all three of the FIELD UPDATE record indicators fields are Y (at positions 157, 158, and 159), comprehensive update records are created for any added or deleted records even when comprehensive records are not being created. N -- Default; do not create SMF record. Y -- Create SMF record. |
| CREATE BEFORE UPDATE FIELD IMAGES | 158 | 1 | CHAR | N -- Default; do not create SMF record before update field images. Y -- Create SMF record before update field images. |
| CREATE AFTER UPDATE FIELD IMAGES | 159 | 1 | CHAR | N -- Default; do not create SMF record after update field images. Y -- Create SMF record after update field images. |
| CREATE COMPREHENSIVE RECORDS | 160 | 1 | CHAR | Note: If all three of the COMPREHENSIVE RECORD fields are N (at positions 160, 161, and 162), comprehensive update records are created for any added or deleted records when SMF FIELD UPDATE records are being created. N -- Default; do not create SMF record. Y -- Create SMF record. |
| CREATE COMPREHENSIVE BEFORE UPDATE RECORD IMAGES | 161 | 1 | CHAR | N -- Default; do not create SMF record before updating comprehensive record images. Y -- Create SMF record before updating comprehensive record images. |
| CREATE COMPREHENSIVE AFTER UPDATE RECORD IMAGES | 162 | 1 | CHAR | N -- Default; do not create SMF record after updating comprehensive record images. Y -- Create SMF record after updating comprehensive record images. |
| CREATE SMF UPDATE SUMMARY RECORD | 163 | 1 | CHAR | N -- Default; do not create SMF update summary record. Y -- Create SMF update summary record. |
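One way to check what a customized exit returned, as an added example that is not code from the File-AID sample library: it slices a dumped parameter area by the 1-based positions in the two layout tables and lists the settings that reduce the audit evidence kept. It assumes the area was captured from a test run of the exit and is EBCDIC code page 037; the field keys, function names and sample values are hypothetical.

```python
# 1-based (position, length) pairs copied from the layout tables on this page.
LAYOUT = {
    "exit_type": (1, 1), "user_id": (2, 7), "dsn": (17, 44),
    "audit_dsn": (87, 46), "create_audit": (141, 1), "force_print": (142, 1),
    "smf_code": (151, 3), "smf_browse": (154, 1), "smf_edit": (155, 1),
    "smf_access": (156, 1), "parm8uid": (164, 8), "parm8flg8": (172, 1),
}
BLOCK_LEN = 172  # PARM8FLG8 at position 172 is the last documented byte

def decode(block, codec="cp037"):
    """Slice a dumped parameter area into fields (the codec is an assumption)."""
    if len(block) < BLOCK_LEN:
        raise ValueError("parameter area shorter than %d bytes" % BLOCK_LEN)
    text = block.decode(codec)
    return {k: text[p - 1:p - 1 + n].rstrip() for k, (p, n) in LAYOUT.items()}

def review(f, edited=False):
    """Return findings about settings that reduce the audit evidence kept."""
    out = []
    if f["create_audit"] == "N":
        out.append("audit trail not created")
    if f["force_print"] == "D":
        out.append("audit trail dataset deleted after printing")
    if len(f["parm8uid"]) == 8:
        out.append("8-character user ID: 7-byte USER ID field cannot hold it")
    # Page rule: an edit with SMF EDIT = Y always writes the access record.
    if not (f["smf_access"] == "Y" or (edited and f["smf_edit"] == "Y")):
        out.append("no SMF access record")
    return out

def sample_block():
    """Constructed sample: a blank area with a few fields filled in."""
    area = bytearray(" " * BLOCK_LEN, "cp037")
    values = [("exit_type", "R"), ("user_id", "USERABC"),
              ("dsn", "PROD.PAYROLL.MASTER"), ("create_audit", "N"),
              ("force_print", "D"), ("smf_code", "170"), ("smf_browse", "N"),
              ("smf_edit", "Y"), ("smf_access", "N"), ("parm8uid", "USERABCD")]
    for name, value in values:
        pos, n = LAYOUT[name]
        area[pos - 1:pos - 1 + n] = value.ljust(n).encode("cp037")
    return bytes(area)

if __name__ == "__main__":
    for finding in review(decode(sample_block()), edited=True):
        print(finding)
```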

 
