SMF 30 statement


SMF Type 30 records are written to indicate the start and end of units of work. Units of work include Jobs, Started Tasks, TSO sessions, and other types of work, such as APPC transactions. You might want to monitor Type 30 records to keep track of TSO logons, or to be aware of production work that ends abnormally. The SMF 30 statement indicates that Type 30 records are to be collected and forwarded to your syslog console. If you code an SMF 30 statement, then by default, all Start, End, and Stepend Type 30 records are forwarded with a facility of System and a severity of Informational, and all Type 30 statistics records are suppressed.


The SMF 30 statement allows you to specify which types of work are to be monitored, whether only certain events for those units of work are to be monitored (for example, only started task abnormal terminations (ABENDs) are to be forwarded), the severity of those syslog messages, and the facility.

If you code more than one SMF 30 statement, then a subsequent SMF 30 statement replaces any SMF 30 statement(s) that came before.

If TRACE(PARM) is specified on the OPTIONS statement, then BMC AMI Defender displays a summary of your Type 30 event and severity specifications in message CZA0243I.

Note

If a jobstep ends with a completion code greater than zero, and subsequent steps are then flushed due to COND processing, SMF assigns a completion code of zero to the job.

SMF 30

Must be specified as shown.

INHibit

Specifies that the writing of the SMF record type 30 to the SMF data sets or logstream is to be inhibited by BMC AMI Defender. SMF record type 30 is processed by BMC AMI Defender, but then inhibited from further processing by SMF.

FACILITY(facility-name)

Specifies the RFC 3164 facility that is to be indicated as the origin of the syslog records corresponding to SMF Type 30 records. If you omit this parameter, it defaults to SYSTEM. If you would like a different facility indicated, code one of the RFC 3164 facility names as listed in Syslog-facilities-and-severities.

FIELDs(fieldname…)

Specifies the names of the SMF Type 30 record fields that are to be transmitted to the BMC Defender Server or other syslog console, and the order in which they are to appear in the message. Specify one or more of the fields, as described in FIELDS-parameter.

filter-specification

JOBs(…


OTHER(…


STC(…


TSO(…

Specifies, for each indicated type of work, which types of events (start, interval, and normal end) are to be forwarded and with what severity. See the specifications for START, END, and STEPEND for a description of how those parameters are specified.

INTerval(severity)

Specifies the severity of interval statistics events for the indicated type of work. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all.

Example

If you code TSO(INT(INFO)), then the syslog server receives a message with a severity of Informational for TSO session interval statistics.

LAST(severity)

Specifies the severity of last statistics events for the indicated type of work. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all.

Example

If you code JOB(LAST(INFO)) then the syslog server receives a message with a severity of Informational for JOB last statistics.

START(severity)

Specifies the severity of start-of-work events for the indicated type of work. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all.

Example

If you code TSO(START(NOTICE)), then the syslog server receives a message with a severity of Notice every time a TSO session starts.

END(severity RC0(severity) RC4(severity) RC8(severity) …)

Specifies a severity to apply to all end-of-work events for the indicated type of work. You might also specify an overriding severity to apply to work that ends with a return code of zero, work that ends with a return code of four, and so forth. See the specifications for RC0, RC4 and so forth for a description of how these parameters are specified. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all.

Example

If you code JOB(END(SUPPRESS ABEND(CRIT))), then Job end events are not forwarded, except for Job ABENDs, which are forwarded with a severity of Critical.

STEPend(severity RC0(severity) RC4(severity) RC8(severity) …)

Specifies a severity to apply to end-of-jobstep events. The STEPEND parameter is only relevant to work of type JOBS. You might also specify an overriding severity to apply to jobsteps that end with a return code of zero, jobsteps that end with a return code of four, and so forth. See the specifications for RC0, RC4 and so forth for a description of how these parameters are specified. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all.

RC0(severity)


RC4(severity)


RC8(severity)


RC12(severity)


RC16(severity)


ABEND(severity)

Specifies an overriding severity for units of work that end with the specified return code. See Syslog-facilities-and-severities. You might also code SUPPRESS. SUPPRESS indicates that the specified event records are not to be forwarded to the syslog server at all. A severity specified for any return code value overrides any lower (less severe) severities for any higher return codes.

Example

If you specify JOB(END(INFO RC12(ALERT))), then a syslog message with a severity of Alert is sent for all jobs that end with a return code of 12 or greater including ABENDs and a message with a severity of Informational is sent for all other jobs.


Note

The RC4 specification is used for return codes of 1, 2, and 3 as well as 4; the RC8 specification is used for return codes of 5, 6, and 7 as well as 8, and so forth. The RC16 specification is used for all return codes of 13 or greater.

LOG


LOG(HEX)

Specifies that the selected SMF records are to be logged on CZAPRINT and optionally dumped in hexadecimal and character format. This parameter is intended primarily for diagnostic purposes. Use care in specifying LOG(HEX) as it might generate a large volume of print records, especially if BMC AMI Defender is left running for several hours or more.

PROCess('process-tag')

Specifies the tag that appears at the start of SMF 30 syslog messages, following the priority, timestamp and hostname, and preceding the formatted fields. Specify the exact process tag that you want to include in syslog messages including any spaces and punctuation. Process-tag might be any length from the null string ('') to 32 characters. If SMF 30 PROCess is omitted, it defaults to SMF followed by the leading delimiter from OPTIONS DELIM.

SMF 30 Severity example

As an example, if you were to code:

SMF 30 JOB(   START(SUPPRESS)                                       +
              STEPEND(SUPPRESS)                                     +
              END( SUPPRESS   RC4(WARN) RC8(ERROR) ABEND(CRIT) ) )  +
       OTHER( START(NOTICE)                                         +
              END( SUPPRESS ABEND(NOTICE) ) )                       +
       STC(   START(SUPPRESS)                                       +
              END( NOTICE     RC4(WARN) RC8(ERROR) ABEND(CRIT) ) )  +
       TSO(   START(NOTICE)   END(SUPPRESS) )

Then here are the resulting work unit severities (as displayed in message CZA0243I when TRACE(PARM) is in effect):

           START       RC0         RC4         RC8         RC12        RC16        ABEND      
JOB        SUPpress    SUPpress    WARNing     ERRor       ERRor       ERRor       CRITical   
JOBSTEP    ---         SUPpress    SUPpress    SUPpress    SUPpress    SUPpress    SUPpress   
OTHER      NOTICE      SUPpress    SUPpress    SUPpress    SUPpress    SUPpress    NOTICE    
STC        SUPpress    NOTICE      WARNing     ERRor       ERRor       ERRor       CRITical   
TSO        NOTICE      SUPpress    SUPpress    SUPpress    SUPpress    SUPpress    SUPpress
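
The return-code bucketing and override rules above, worked through in Python so that an END or STEPEND specification can be checked before it is deployed. This is an added example, not BMC AMI Defender code. The function names are hypothetical, and two points are assumptions: SUPPRESS is ranked below every severity, and an override less severe than the value already in force is ignored.

```python
# Added illustration; not BMC AMI Defender code.
# Severity keywords are the ones used on this page; ranking SUPPRESS lowest
# is an assumption.
RANK = {"SUPPRESS": 0, "INFO": 1, "NOTICE": 2, "WARN": 3,
        "ERROR": 4, "CRIT": 5, "ALERT": 6}
BUCKETS = ["RC0", "RC4", "RC8", "RC12", "RC16", "ABEND"]


def bucket_for(return_code=0, abend=False):
    """Map one completion to the RCn/ABEND column it is reported under."""
    if abend:
        return "ABEND"
    if return_code < 0:
        raise ValueError("return code must be non-negative")
    if return_code == 0:
        return "RC0"
    for limit in (4, 8, 12):          # 1-4 -> RC4, 5-8 -> RC8, 9-12 -> RC12
        if return_code <= limit:
            return f"RC{limit}"
    return "RC16"                     # 13 or greater


def resolve_end(base, **overrides):
    """Effective severity per column for END(base RCn(sev) ... ABEND(sev))."""
    unknown = set(overrides) - set(BUCKETS)
    if unknown or any(s not in RANK for s in [base, *overrides.values()]):
        raise ValueError("unknown column or severity keyword")
    effective, current = {}, base
    for bucket in BUCKETS:
        explicit = overrides.get(bucket)
        # An override applies from its own column upward, unless a more
        # severe value is already in force (assumed tie-break).
        if explicit is not None and RANK[explicit] > RANK[current]:
            current = explicit
        effective[bucket] = current
    return effective


def severity_for(spec, return_code=0, abend=False):
    """Severity a completion is forwarded with, or None if it is suppressed."""
    sev = spec[bucket_for(return_code, abend)]
    return None if sev == "SUPPRESS" else sev


# END specifications taken from the "SMF 30 Severity example" on this page.
JOB = resolve_end("SUPPRESS", RC4="WARN", RC8="ERROR", ABEND="CRIT")
STC = resolve_end("NOTICE", RC4="WARN", RC8="ERROR", ABEND="CRIT")
OTHER = resolve_end("SUPPRESS", ABEND="NOTICE")

if __name__ == "__main__":
    for name, spec in (("JOB", JOB), ("OTHER", OTHER), ("STC", STC)):
        print(f"{name:<6}", *(f"{spec[b]:<9}" for b in BUCKETS))
```

Compare the output with message CZA0243I under TRACE(PARM); the product's own display is authoritative where it differs from this model.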

 
