Customizing required events with SELECT


To select SMF records for processing, modify the appropriate configuration selection switch in the $$$CONFG member found in the amihlq.CZAGENT.PARM file.

Note

Avoid modifying the CZAPARMS file directly, because product updates overwrite it and your changes would be lost.

A SWITCH setting controls every SMF record and EVENT processed by the BMC AMI Defender agent. To comment out a switch, add a semicolon in column 1 of its line in the $$$CONFG member; to uncomment it, remove that semicolon.

You enable the selection categories you want in the $$$CONFG member. To disable specific SMF record types or events within a category, you modify the $$$SELCT member instead.

For example, you can enable the DEVICE category, which includes SMF record types 8, 9, 11 and 22. If you want notification only when new devices are varied online and offline (that is, only for SMF 9 and 11), you can comment out the SELECT statements for SMF 8 and 22 in the $$$SELCT member.

The following code is an example of the $$$SELCT member:

;**********************************************************************;
;**********************************************************************;
; $$$SELCT: User agent parameter member for BMC AMI Defender ;
; This is a copy of CZASELCT and made available for ;
; user modification. It will be included in CZAPARMS ;
; SIEMTYPE-independent ;
; Copyright 2014-2018, 2019-2020 BMC Software, Inc. ;
;**********************************************************************;
;**********************************************************************;

; NOTE(review): SAY appears to emit this version/date stamp when the
; member is read -- confirm in the reference manual.
SAY "v6.0.02 Updated 21 March 2020"

; ---------------------------------------------------------------------
; SELECT: Comment out the SELECT statements for the event types you
; do not wish to process. To comment out a statement, type a semi-
; colon (;) in column 1. See the AMI Defender reference manual for
; information concerning the SELECT statement.
; ---------------------------------------------------------------------
; Each statement pairs a switch name, IF(switch), with one EVENT(...)
; or SMF(...) type. One switch can gate several statements (OPS, FAM,
; RACF, ...). The switches are enabled or disabled in the $$$CONFG
; member, so a type is presumably processed only when its switch is
; enabled there AND its SELECT line here is active -- confirm in the
; reference manual.
; A commented-out type is no longer processed by the agent; record
; why and when a line was disabled so coverage gaps stay traceable.

SELECT IF(BACKLOG) EVENT(BACKLOG) ; BACKLOG messages
SELECT IF(CONSOLE) EVENT(CONSOLE) ; Selected CONSOLE messages
SELECT IF(GENERIC) EVENT(GENERIC) ; For CZALDFIL
SELECT IF(IND$FILE) EVENT(IND$FILE) ; API1 IND$FILE
SELECT IF(JOBLOG) EVENT(JOBLOG) ; BMC AMI CZAJOBLG - SYSOUT
SELECT IF(LSPACE) EVENT(LSPACE) ; CZALSPAC
SELECT IF(MODIFY) EVENT(MODIFY) ; MODIFY from API1--see manual
SELECT IF(ChangeMan) EVENT(ChangeMan) ; Micro Focus (Serena) ChangeMan

; VM Events
SELECT IF(VMCON) EVENT(VMCONSOLE) ; VM Console Messages
; NOTE(review): the description on the next line repeats the VMCON
; text although the event is VMSECURE -- confirm what it carries.
SELECT IF(VMSEC) EVENT(VMSECURE) ; VM Console Messages
SELECT IF(VMRACF) EVENT(VMRACF) ; VM SMF 80 RACF fields

; BMC AMI Defender for IMS
; All seven IMS event types below share the single IMSLOG switch.
SELECT IF(IMSLOG) EVENT(IMS_1_3) ; IMS Input/Output Msg 01/03
SELECT IF(IMSLOG) EVENT(IMS_10) ; Security violation IMS 10
SELECT IF(IMSLOG) EVENT(IMS_16) ; Signin/Signout IMS 16
SELECT IF(IMSLOG) EVENT(IMS_22) ; IMS Type2 log command
SELECT IF(IMSLOG) EVENT(IMS_24) ; DB I/O Error
SELECT IF(IMSLOG) EVENT(IMS_50) ; Database Updates
SELECT IF(IMSLOG) EVENT(IMS_F8) ; BMC AMI Defender for IMS

SELECT IF(LOG4J) EVENT(LOG4J) ; Log4j data from CZALDFIL

; The statements below use named SMF(...) types instead of numbers.
SELECT IF(Abend-AID) SMF(Abend-AID) ; Compuware Abend-AID
SELECT IF(Action) SMF(eventAction) ; Action Software eventACTION
SELECT IF(App_Audit) SMF(App_Audit) ; Compuware Application Audit
SELECT IF(BMCAMI) SMF(CorreLog) ; BMC AMI-created SMF records
SELECT IF(DIAG) SMF(DIAG) ; Diagnostic message display

; Operations events
SELECT IF(OPS) SMF(0) ; status IPL
SELECT IF(OPS) SMF(30) ; Common address space
SELECT IF(OPS) SMF(90) ; status SYSTEM
; Operations events - VSAM
SELECT IF(VSAM) SMF(60) ; VSAM volume data set updated
SELECT IF(VSAM) SMF(62) ; VSAM Compo or Cluster Opened
SELECT IF(VSAM) SMF(64) ; VSAM Compo or Cluster Sts
; Operations events - ICF
SELECT IF(ICF) SMF(61) ; ICF Define activity
SELECT IF(ICF) SMF(65) ; ICF Delete activity
SELECT IF(ICF) SMF(66) ; ICF Alter activity

; Device management
; Example: to be notified only when devices are varied online or
; offline, keep SMF(9) and SMF(11) and comment out SMF(8) and SMF(22).
SELECT IF(DEVICE) SMF(8) ; I/O Configuration
SELECT IF(DEVICE) SMF(9) ; VARY Device ONLINE
SELECT IF(DEVICE) SMF(11) ; VARY Device OFFLINE
SELECT IF(DEVICE) SMF(22) ; Configuration

; SMF(32) and SMF(119) below are both gated by the TSO switch.
SELECT IF(TSO) SMF(32) ; TSO/E User Work Accounting
SELECT IF(CRYPTO) SMF(82) ; Int. Crypto. Services Facility
SELECT IF(DB2) SMF(DB2) ; DB2 events (SMF 101, 102)
SELECT IF(USS) SMF(109) ; USS Syslog
SELECT IF(CICS) SMF(110) ; CICS events
SELECT IF(TSO) SMF(119) ; TSO signon events

; File access monitoring
SELECT IF(FAM) SMF(14) ; INP/RDBACK DS activity
SELECT IF(FAM) SMF(15) ; OUTPUT/UPD/INOUT/OUT DS Acti
SELECT IF(FAM) SMF(17) ; Scratch Data Set Sts
SELECT IF(FAM) SMF(18) ; Rename Non-VSAM DS Sts
SELECT IF(FAM) SMF(42) ; DFSMS stats and config
SELECT IF(FAM) SMF(92) ; zFS - File system activity

SELECT IF(JES) SMF(26) ; JES2/3 - Purge
SELECT IF(JES) SMF(43) ; JES2/3 - Startup
SELECT IF(JES) SMF(55) ; JES2/3 - Network Signon
SELECT IF(JES) SMF(56) ; JES2/3 - Network Integrity
SELECT IF(JES) SMF(57) ; JES2/3 - Network Transmission
SELECT IF(JES) SMF(58) ; JES2/3 - Network Signoff

SELECT IF(RMF) SMF(70) ; RMF Processor Activity
SELECT IF(RMF) SMF(71) ; RMF Paging Activity
SELECT IF(RMF) SMF(72) ; RMF Wrkload,Stg,Serialization
SELECT IF(RMF) SMF(73) ; RMF Channel Path Activity
SELECT IF(RMF) SMF(74) ; RMF Activity of Resources
SELECT IF(RMF) SMF(75) ; RMF Page Data Set Activity
SELECT IF(RMF) SMF(76) ; RMF Trace Activity
SELECT IF(RMF) SMF(77) ; RMF Enqueue Activity
SELECT IF(RMF) SMF(78) ; RMF Monitor I Activity
SELECT IF(RMF) SMF(79) ; RMF Monitor II Activity

; Security-manager records (RACF, Top Secret, ACF2).
; Disabling any line here stops the agent processing that record
; type; check audit and detection requirements before doing so.
SELECT IF(RACF) SMF(80) ; RACF Security events
SELECT IF(RACF) SMF(81) ; RACF Initialization
SELECT IF(RACF) SMF(83) ; RACF Audit Record
SELECT IF(TOPSECRET) SMF(TSS80) ; TSS Security events
SELECT IF(TOPSECRET) SMF(TSS231) ; TSS Security events
SELECT IF(ACF2) SMF(ACF2) ; ACF2 Security data

SELECT IF(SMF89) SMF(89) ; Product Usage data
SELECT IF(MQ) SMF(115) ; MQ Events - MQSeries Statistics
SELECT IF(MQ) SMF(116) ; MQ Events - MQ Accounting
SELECT IF(SMF113) SMF(113) ; Hardware Capacity
SELECT IF(WebSphere) SMF(120) ; WebSphere

The following code is an example of the SELECT statements and their controlling switches (the switch is the name inside IF(...) on each statement):

; ---------------------------------------------------------------------
; SELECT: Comment out the SELECT statements for the event types you
; do not wish to process. (To comment out a statement, type a ; in
; column 1.) See "Configuring Your Required Events with SELECT"
; in the zDefender reference manual
; ---------------------------------------------------------------------
; NOTE(review): this header names the "zDefender" manual and the
; listing has no VM Events statements, unlike the $$$SELCT example
; earlier on this page; it may come from an earlier release --
; compare with the installed CZASELCT before copying from it.
; Reading the statements: IF(name) is the controlling switch, set in
; the $$$CONFG member; EVENT(...) or SMF(...) is the type selected.
; A type is presumably processed only when its switch is enabled AND
; its SELECT line is not commented out -- confirm in the manual.

SELECT IF(BACKLOG) EVENT(BACKLOG) ; BACKLOG messages
SELECT IF(CONSOLE) EVENT(CONSOLE) ; Selected CONSOLE messages
SELECT IF(GENERIC) EVENT(GENERIC) ; For CZALDFIL
SELECT IF(IND$FILE) EVENT(IND$FILE) ; API1 IND$FILE
SELECT IF(JOBLOG) EVENT(JOBLOG) ; BMC AMI CZAJOBLG - SYSOUT
SELECT IF(LSPACE) EVENT(LSPACE) ; CZALSPAC
SELECT IF(MODIFY) EVENT(MODIFY) ; MODIFY from API1--see manual
SELECT IF(ChangeMan) EVENT(ChangeMan) ; Micro Focus (Serena) ChangeMan

; BMC AMI Defender for IMS
; One switch (IMSLOG) controls every IMS event type listed here.
SELECT IF(IMSLOG) EVENT(IMS_1_3) ; IMS Input/Output Msg 01/03
SELECT IF(IMSLOG) EVENT(IMS_10) ; Security violation IMS 10
SELECT IF(IMSLOG) EVENT(IMS_16) ; Signin/Signout IMS 16
SELECT IF(IMSLOG) EVENT(IMS_22) ; IMS Type2 log command
SELECT IF(IMSLOG) EVENT(IMS_24) ; DB I/O Error
SELECT IF(IMSLOG) EVENT(IMS_50) ; Database Updates
SELECT IF(IMSLOG) EVENT(IMS_F8) ; BMC AMI Defender for IMS

SELECT IF(LOG4J) EVENT(LOG4J) ; Log4j data from CZALDFIL

SELECT IF(Abend-AID) SMF(Abend-AID) ; Compuware Abend-AID
SELECT IF(Action) SMF(eventAction) ; Action Software eventACTION
SELECT IF(App_Audit) SMF(App_Audit) ; Compuware Application Audit
SELECT IF(BMCAMI) SMF(CorreLog) ; BMC AMI-created SMF records
SELECT IF(DIAG) SMF(DIAG) ; Diagnostic message display

; Operations events
SELECT IF(OPS) SMF(0) ; status IPL
SELECT IF(OPS) SMF(30) ; Common address space
SELECT IF(OPS) SMF(90) ; status SYSTEM
; Operations events - VSAM
SELECT IF(VSAM) SMF(60) ; VSAM volume data set updated
SELECT IF(VSAM) SMF(62) ; VSAM Compo or Cluster Opened
SELECT IF(VSAM) SMF(64) ; VSAM Compo or Cluster Sts
; Operations events - ICF
SELECT IF(ICF) SMF(61) ; ICF Define activity
SELECT IF(ICF) SMF(65) ; ICF Delete activity
SELECT IF(ICF) SMF(66) ; ICF Alter activity

; Device management
; The DEVICE switch covers SMF 8, 9, 11 and 22; commenting out the
; SMF(8) and SMF(22) lines leaves only the VARY online/offline types.
SELECT IF(DEVICE) SMF(8) ; I/O Configuration
SELECT IF(DEVICE) SMF(9) ; VARY Device ONLINE
SELECT IF(DEVICE) SMF(11) ; VARY Device OFFLINE
SELECT IF(DEVICE) SMF(22) ; Configuration

SELECT IF(TSO) SMF(32) ; TSO/E User Work Accounting
SELECT IF(CRYPTO) SMF(82) ; Int. Crypto. Services Facility
SELECT IF(DB2) SMF(DB2) ; DB2 events (SMF 101, 102)
SELECT IF(USS) SMF(109) ; USS Syslog
SELECT IF(CICS) SMF(110) ; CICS events
SELECT IF(TSO) SMF(119) ; TSO signon events

; File access monitoring
SELECT IF(FAM) SMF(14) ; INP/RDBACK DS activity
SELECT IF(FAM) SMF(15) ; OUTPUT/UPD/INOUT/OUT DS Acti
SELECT IF(FAM) SMF(17) ; Scratch Data Set Sts
SELECT IF(FAM) SMF(18) ; Rename Non-VSAM DS Sts
SELECT IF(FAM) SMF(42) ; DFSMS stats and config
SELECT IF(FAM) SMF(92) ; zFS - File system activity

SELECT IF(JES) SMF(26) ; JES2/3 - Purge
SELECT IF(JES) SMF(43) ; JES2/3 - Startup
SELECT IF(JES) SMF(55) ; JES2/3 - Network Signon
SELECT IF(JES) SMF(56) ; JES2/3 - Network Integrity
SELECT IF(JES) SMF(57) ; JES2/3 - Network Transmission
SELECT IF(JES) SMF(58) ; JES2/3 - Network Signoff

SELECT IF(RMF) SMF(70) ; RMF Processor Activity
SELECT IF(RMF) SMF(71) ; RMF Paging Activity
SELECT IF(RMF) SMF(72) ; RMF Wrkload,Stg,Serialization
SELECT IF(RMF) SMF(73) ; RMF Channel Path Activity
SELECT IF(RMF) SMF(74) ; RMF Activity of Resources
SELECT IF(RMF) SMF(75) ; RMF Page Data Set Activity
SELECT IF(RMF) SMF(76) ; RMF Trace Activity
SELECT IF(RMF) SMF(77) ; RMF Enqueue Activity
SELECT IF(RMF) SMF(78) ; RMF Monitor I Activity
SELECT IF(RMF) SMF(79) ; RMF Monitor II Activity

; RACF, Top Secret and ACF2 security records. A line commented out
; here means that record type is not processed by the agent, so
; confirm audit and monitoring needs before disabling any of them.
SELECT IF(RACF) SMF(80) ; RACF Security events
SELECT IF(RACF) SMF(81) ; RACF Initialization
SELECT IF(RACF) SMF(83) ; RACF Audit Record
SELECT IF(TOPSECRET) SMF(TSS80) ; TSS Security events
SELECT IF(TOPSECRET) SMF(TSS231) ; TSS Security events
SELECT IF(ACF2) SMF(ACF2) ; ACF2 Security data

SELECT IF(SMF89) SMF(89) ; Product Usage data
SELECT IF(MQ) SMF(115) ; MQ Events - MQSeries Statistics
SELECT IF(MQ) SMF(116) ; MQ Events - MQ Accounting
SELECT IF(SMF113) SMF(113) ; Hardware Capacity
SELECT IF(WebSphere) SMF(120) ; WebSphere

 
