General SMF record type statement


The SMF record type statement processes System Management Facilities (SMF) record types from IBM and other vendors. Each SMF record has a specific record type and message data format.

BMC AMI Datastream processes the SMF record types that are referenced in the following diagram and listed in the syntax descriptions.


[Syntax diagram: General SMF record type statement (command syntax and parameters)]

[Syntax diagram: Severity (available severities)]

For information about filterSpecification, see FILTER-and-MATCH-parameters.

For a list of supported SMF types, see Supported-API-event-types-SMF-types-and-associated-process-tags.

The following table provides details about non-IBM SMF record types and other parameters:

Parameter

Description

SMF type

Specifies the user-defined SMF type

Type

Description

ABEND-AID(recordType)

You must enter the type as shown

Compuware Abend-AID SMF records can be written by the Compuware Abend-AID product. For more information, see the appropriate Compuware Abend-AID documentation.

For the record type, enter a numeric value between 128 and 255.

If you omit the record type, the default 205 is used.

SESSMON(recordType)

You must enter the type as shown

Security Session Monitor SMF records can be written by the BMC AMI Security Session Monitor product. For more information, see the BMC AMI Security Session Monitor documentation.

For the record type, enter a numeric value between 128 and 255.

If you omit the record type, the default 220 is used.

CORRELOG(recordType)

You must enter the type as shown

SMF CORRELOG records can be written by BMC AMI Datastream. For more information, see IND-Detect.

For the record type, enter a numeric value between 128 and 255.

If you omit the record type, the default 202 is used.

DIAG(recordType)

You must enter the type as shown

The SMF DIAG parameter is intended for diagnostic purposes. The default severity value is DEBUG.

For the record type, enter a numeric value between 128 and 255 indicating the SMF record type you want to monitor.

If you enter more than one SMF statement for the same record type, the subsequent statement replaces any statements that came before.

There is no default for the DIAG record type.

FACILITY(facilityName)

If you omit this parameter, the default LOGALERT or one of the defaults shown in the following table is used.

| SMF record type | Default facility |
|---|---|
| 7 | KERNEL |
| 109 | SYSLOGD |
| 119 | UUCP |
| CorreLog | LOCAL1 |
| DIAG | SYSLOGD |

FIELDs(fieldName…)

Specify one or more of the fields as described in Supported-record-field-names.

You can specify fields only if they are appropriate to the SMF record type. For example, you can specify SMF18JBN for SMF 18, but not for SMF 14 or any other record type.

filterSpecification

INHibit

Inhibits writing the SMF type record to the SMF data sets or logstream

BMC AMI Datastream processes the record, but SMF then inhibits further processing.

LOG | LOG(HEX)

PROCess('processTag')

If you omit this parameter, the default value specified in Supported-API-event-types-SMF-types-and-associated-process-tags is used, followed by the leading delimiter from OPTIONS DELIM. For more information, see OPTIONS-statement.

SEVerity(severity)

Specifies the syslog severity for record types without subtypes, or the default severity for record types with subtypes. For more information about severities, see Syslog-facilities-and-severities.

You can also enter SUPPRESS. SUPPRESS indicates that the records are not forwarded to the syslog server.

If you omit this parameter, the default described under each record-type description is used.

SUBTypes

Specifies one or more SMF record subtypes and the syslog severity assigned to them

This parameter is only valid for SMF record types that include subtypes. Record types 7, 14, 15, 17, 18, 60, 61, 62, 64, 65 and 66 do not contain subtypes. BMC AMI Datastream SMF records are always written as subtype 1. The subtype default values for each record type are listed under the description of that record type.

Specify the subtype or subtypes in one or more of the following formats.

| Format | Description |
|---|---|
| subtype | Single-record subtype. For example, SUBT(1 SEV(NOTICE)) specifies that subtype 1 records are forwarded with a severity of Notice. |
| subtype:subtype | Range of record subtypes. For example, SUBT(5:9 SEV(SUP)) specifies that all subtype 5, 6, 7, 8, and 9 records are suppressed (not forwarded). |


SEVerity(severity) specifies the syslog severity for the specified record subtypes. For more information about severities, see Syslog-facilities-and-severities.

You can also enter DEFAULT or SUPPRESS.

  • SUPPRESS indicates that the specified event records are not forwarded to the syslog server.
  • DEFAULT indicates that the severity is the defined severity.


If you enter TRACE(PARM) in the OPTIONS-statement, then the effect of any SUBTypes and SEVerity parameters is indicated by message CZA0069I.

Example
CZA0069I SMF_T42 Maximum Subtype 30
CZA0069I Subtype 0 Severity DEFault
CZA0069I Subtype 1 Severity SUPpress
...
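
A pre-deployment check for the record-type and SUBTypes rules described above, added here as an example; it is not BMC AMI Datastream code and all function names are hypothetical. It assumes each SUBT group is written as in the page's two examples and that the uppercase letters in SUBTypes, SEVerity, SUPpress and DEFault mark the minimum abbreviation; rejecting a subtype that is named twice is a lint choice of this example, not documented product behaviour.

```python
import re

# Defaults and the 128-255 range come from the table above; DIAG has no default.
USER_TYPE_DEFAULTS = {"ABEND-AID": 205, "SESSMON": 220, "CORRELOG": 202, "DIAG": None}
# One SUBT(...) group: a subtype or subtype:subtype range, then SEV(...).
_GROUP = re.compile(r"([A-Za-z]+)\(\s*(\d+)(?::(\d+))?\s+([A-Za-z]+)\(\s*(\w+)\s*\)\s*\)")

def _abbrev(word, full, minimum):
    """True if word is `full` or a prefix of it at least `minimum` characters long."""
    word = word.upper()
    return len(word) >= minimum and full.startswith(word)

def user_record_type(keyword, value=None):
    """Effective record type for ABEND-AID, SESSMON, CORRELOG or DIAG."""
    if value is None:
        value = USER_TYPE_DEFAULTS[keyword]
        if value is None:
            raise ValueError(f"{keyword} has no default record type")
    if not 128 <= value <= 255:
        raise ValueError(f"{keyword}({value}): record type must be 128-255")
    return value

def resolve_subtypes(params, max_subtype):
    """Map every subtype 0..max_subtype to a severity; unspecified ones stay DEFAULT."""
    if _GROUP.sub("", params).strip():
        raise ValueError("text outside a SUBT(n SEV(x)) group")
    resolved = {n: "DEFAULT" for n in range(max_subtype + 1)}
    seen = set()
    for kw, lo, hi, sev_kw, sev in _GROUP.findall(params):
        if not (_abbrev(kw, "SUBTYPES", 4) and _abbrev(sev_kw, "SEVERITY", 3)):
            raise ValueError(f"unexpected keyword in {kw}(... {sev_kw}(...))")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi or hi > max_subtype:
            raise ValueError(f"bad subtype range {lo}:{hi}")
        for full in ("SUPPRESS", "DEFAULT"):
            if _abbrev(sev, full, 3):
                sev = full
        for n in range(lo, hi + 1):
            if n in seen:
                raise ValueError(f"subtype {n} is specified more than once")
            seen.add(n)
            resolved[n] = sev.upper()
    return resolved

def not_forwarded(resolved):
    """Subtypes whose records never reach the syslog server."""
    return [n for n, sev in resolved.items() if sev == "SUPPRESS"]
```

Running `not_forwarded()` over each statement before deployment lists the subtypes that will be absent from the syslog server, which is the coverage gap to review against detection requirements.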
