Commands


BMC AMI Security Policy Manager provides commands (listed later in this topic) that authorized users can issue from the IBM MVS console by using the MVS Modify command. For example, to set the message level to trace RACF commands and responses, you can use the following command:

F RSS,SETMSG RACFTRACE

Authorized users can also issue commands from the Tools option in the web interface.

To issue commands from the web interface

  1. In SPM, click Menu, then click Tools.
  2. From the RSS Commands menu, perform one of the following actions:
    • Select a command from the list.
    • Select Custom Command, enter a supported command (listed later in this topic), and click Submit.

The following figure is an example of the command response:

[Figure: tools_rssCommands.png]

The following commands are supported by SPM:

[ ADDUDSN ] [ ALLOWLIST ] [ APPS ] [ CHKPT ] [ CSA ] [ DBSTATS ] [ DS ] [ EXECCAT ] [ EXECRULE ] [ HASH ] [ IMPORTDATASET ] [ LOADRULE ] [ LOADRULES ] [ RACFDBRefresh ] [ RESETMSG ] [ RESYNC ] [ SERVERS ] [ SESS ] [ SETMSG ] [ SETUSSSCAN ] [ SHOWRULES ] [ SHUTDOWN ] [ SMF ] [ SYS ] [ TASKS ]

ADDUDSN

The ADDUDSN dataSetName command adds a user data set dynamically to the in-storage list of user data sets.

To make a dynamically added user data set permanent, add it to the DatasetFilters section as described in Configuring-parameters.

ALLOWLIST

The ALLOWLIST command lists the active SPM allowlists that are in use on the server.

The command response presents the allowlist name and the user IDs that belong to the list. For example:

SPM0546I AllowList TROUBLESHOOT   
SPM0547I    Userid X000001  TRBL1 
SPM0546I AllowList SYSPROG        
SPM0547I    Userid X000003  SYSPG2
SPM0547I    Userid X000002  SYSPG1

The information is returned to the requesting user and logged in the console.
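
An added example (not BMC code): because the ALLOWLIST response is also logged in the console, it can be parsed and compared with an approved membership baseline. The baseline values are hypothetical, and reading the first token after Userid as the user ID and the rest as an unlabelled trailing field is an assumption about the SPM0547I layout.

```python
import re

# Constructed sample: the ALLOWLIST response shown on this page.
SAMPLE_RESPONSE = """\
SPM0546I AllowList TROUBLESHOOT
SPM0547I    Userid X000001  TRBL1
SPM0546I AllowList SYSPROG
SPM0547I    Userid X000003  SYSPG2
SPM0547I    Userid X000002  SYSPG1
"""

# Hypothetical approved baseline (allowlist name -> approved user IDs).
APPROVED = {
    "TROUBLESHOOT": {"X000001"},
    "SYSPROG": {"X000002"},
    "AUDIT": {"X000009"},
}

LIST_RE = re.compile(r"^\s*SPM0546I\s+AllowList\s+(\S+)\s*$")
# Assumption: first token after "Userid" is the user ID; the rest is kept as-is.
USER_RE = re.compile(r"^\s*SPM0547I\s+Userid\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_allowlists(response):
    """Return {allowlist name: {user ID: trailing field}} from an ALLOWLIST response."""
    lists, current = {}, None
    for line in response.splitlines():
        m = LIST_RE.match(line)
        if m:
            current = lists.setdefault(m.group(1), {})
            continue
        m = USER_RE.match(line)
        if m:
            if current is None:  # member line with no preceding list header
                raise ValueError("SPM0547I before any SPM0546I: " + line.strip())
            current[m.group(1)] = m.group(2) or ""
    return lists

def diff_against_baseline(actual, approved):
    """Return sorted (allowlist, user ID, finding) tuples for every deviation."""
    findings = []
    for name in sorted(set(actual) | set(approved)):
        have = set(actual.get(name, {}))
        want = approved.get(name, set())
        findings += [(name, u, "not approved") for u in sorted(have - want)]
        findings += [(name, u, "approved but absent") for u in sorted(want - have)]
    return findings

if __name__ == "__main__":
    for finding in diff_against_baseline(parse_allowlists(SAMPLE_RESPONSE), APPROVED):
        print(*finding)
```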

APPS

The APPS command lists the active SPM applications that are running on the server and connected to the server.

The command response presents the following information:

Heading  Description
LPAR     LPAR name
APP      Application that is running
JOB      Job name of the address space in which it is running

CHKPT

The CHKPT command displays checkpoint data set statistics.

CSA

The CSA command displays details of the CSA block used by SPM.

The command response presents the following information:

Heading    Description
JOBNAME    Job name
ASID       Address space ID
ALET       ALET used internally for communications
DATASPACE  Data space name being used
CMAI       Cross-memory application interface address

DBSTATS

The DBSTATS command displays information about the usage of the internal database. It first displays the storage used by the in-memory tables, and then by the on-disk tables. The command runs at startup, shutdown, and daily to help you monitor and improve the storage usage.

The command response presents the following information:

Heading  Description
TABLE    Database table name
PAGES    Number of pages used by the table
USED     Amount of storage used
UNUSED   Free space within the allocated pages

For example:

Table  (:Memory:)                        Pages        Used         Unused      
________________________________________ ____________ ____________ ____________
access                                              1           76         3984
allowlist                                           5        13190         5230
allowlist_ix1                                       4         7093         7975
cdt                                                 6        17766         5380
cfield                                             10        24585        14585
cfld_ix1                                            3         3844         7368
cics                                                1         2653         1242
cics_ix1                                            1          575         3369
clauth                                              7        17786         5063
config                                              3         4422         7385
conn                                              520      1892489        24901
conn_ix1                                          149       420897        77400
conn_ix2                                          148       415005        79208
conn_ix3                                          151       423916        82549
console                                            11        36473         6629
db2                                                 3         6935         4740
device                                              4         6703         8139
...
Totals                                          10282     33733173      2916871


Table (Disk)                             Pages        Used         Unused       
________________________________________ ____________ ____________ ____________
access                                              1           76         3984
alerts                                              1            0         4088
alerts_ix1                                          1            0         4088
alerts_ix2                                          1            0         4088
alerts_ix3                                          1            0         4088
command                                            23        81395         8643
comments                                            1            0         4088
comments_ix1                                        1            0         4088
login                                               1         1168         2860
...
Totals                                           4791     17733344       375411


DBREFRESH

The DBREFRESH command refreshes the SPM database and performs database housekeeping.

Important

The DBREFRESH command forces a full analysis of many system entities, so frequent use of the command might result in higher CPU utilization.

DS

The DS command displays details of the master data space.

The command response presents the following information:

Heading           Description
DATASPACE         Data space name
INDEX START       Address of the data space index
INDEX TOP         Address of the top element in the index
INDEX CURRENT     Address of the current element in the index
INDEX END         Address of the last element in the index
DATA START        Start address of the data section
DATA CURRENT      Address of the current element
DATA END          End address of the data section
STATUS            Active and inactive status of the data space
TOTAL BLOCKS      Total number of blocks in the data space
LOW WATER MARK    Data space low watermark
HIGH WATER MARK   Data space high watermark
EXPANSION COUNT   Number of expansions that have occurred
CHECKPOINT COUNT  Number of checkpoint operations that have occurred
POOL              Pool number
BLOCK LENGTH      Block length of entries in the pool
ALLOCATED         Number of pool entries allocated
DEALLOCATED       Number of pool entries deallocated
TOP BLOCK         Top of the element queue
BOTTOM BLOCK      Bottom of the element queue

EXECCAT

The EXECCAT category command runs all compliance tests for the specified category.

EXECRULE

The EXECRULE memberName command runs the specified single rule.

HASH

The HASH command displays statistics on the SPM hash table.

The command response presents the following information:

Heading  Description
&PID     Process ID address
TOKEN    Hash token
ADDRESS  Address of the hash token

IMPORTDATASET

To use the ImportDataset command, make sure that you have READ (or higher) access to the BMC.RSS.SPMIMPRT security management resource, which is in the FACILITY class by default.

The IMPORTDATASET command imports SQL data from a data set. The specified data set is passed as the argument for the command.

For example, to import data set MYHLQ.SPMV21.CUSTOM01 into the SPM started task server, use the following command:

IMPORTDATASET MYHLQ.SPMV21.CUSTOM01

For more information, see Adding-custom-tables.

LOADRULE

The LOADRULE memberName command reloads the specified rule from the Rules data set.

LOADRULES

The LOADRULES command reloads the entire compliance rule set, including the INDEX member from the Rules data set.

Use the command to dynamically reload the rule set after the INDEX has been modified or a high number of rule definitions have been changed.

RACFDBRefresh

The RACFDBRefresh command deletes and re-creates the SQLite RACF tables from the current alternate or backup RACF database. 

SPM automatically initializes the RACF database tables at startup. Use the command to force a database refresh. For example, after you update a large number of RACF profiles, you can refresh the database before the next automatic refresh.

For more information, see RACFDBUnload in Configuring-parameters and RACF-database-unload-tables.

RESETMSG

The RESETMSG messageLevel command resets a previously set message level. For more information, see SETMSG in this topic.

The messageLevel parameter settings are the same as for the MessageLevel configuration parameter. For more information about the MessageLevel parameter, see Configuring-parameters.

You can use any of the message levels detailed for the SETMSG command with the RESETMSG command.

RESYNC

The RESYNC command refreshes the reporting data by running all active rules. The report data is processed at the next timer event, which occurs every minute.

You can run the command at any time instead of waiting for the scheduled daily refresh that is specified by the SPM REPORTRESynctime parameter.

SERVERS

The SERVERS command lists the active product servers and their status.

The command response presents the following information:

Heading      Description
SERVER ID    Server ID
SERVER NAME  Name of the server
IP ADDRESS   IP address of the server
PORT         Port the server listens on
STATUS       Status of the server

SESS

The SESS command displays active SPM sessions.

The command response presents the following information:

Heading     Description
USERID      RACF user ID
IP ADDRESS  IP address of the session
LOGON       Time of logon
ACTIVITY    Time of last activity
KEEPALIVE   Time of the last KEEPALIVE operation

SETMSG

The SETMSG messageLevel command sets a new message level.

Normally, the MessageLevel parameter in the configuration data set is set to Info and Error so that only information and error messages are written to SYSOUT. For more information about the MessageLevel parameter, see Configuring-parameters.

If you experience issues with SPM, you might need to switch one or more of the tracing message levels on and off. You can do this dynamically by using SETMSG and RESETMSG, which avoids having to recycle the product.

The messageLevel parameter settings are the same as for the MessageLevel parameter:

Message level  Description
Error          Output error messages
Info           Output information messages
HTTPTrace      Traces HTTP traffic generated by user interactions with the SPM browser interface
RACFTrace      Traces all RACF commands and their output responses
TCPTrace       Traces all TCP communications including SSL exchanges when using HTTPS protocol
XCFTrace       Traces all XCF communications
DLLTrace       Traces key DLL calls
APPTRACE       Activates trace for application supplied diagnostic information
BufTrace       Traces data in all traced exchanges as well as protocol information
DLLTrace       Traces DLL calls

SETUSSSCAN

(SPE2501)

The SETUSSSCAN command sets the value of the UssFileScan parameter after SPM starts up. Run the command with one of the following options:

  • Disable – Disables full scans of the USS file system. When disabled, the DS223840 and DS223811 DISA STIG reports are not accurate.
  • Full – Enables full scans of the USS file system. SPM captures information of all identified directories and certificate files in the USS file system, in the ussfile table.
  • Compact – Enables full scans of the USS file system. SPM captures information of all identified certificate files and directories that have the write permission enabled for other users, in the ussfile table.
  • Resync – Performs a full scan of the USS file system without impacting the current SPM environment or timings. If you modify your USS file system, Resync enables you to update the SPM environment when the scan completes, to reflect accurate and updated SPM table information.

If you issue the command with option Full or Compact, SPM starts a thread to perform a full scan of the USS file system. Note that you must account for this scan when you issue the command.

SHOWRULES

The SHOWRULES memberName command lists the currently defined compliance rules. This command does not require any parameters.

The command response presents the following information:

Heading    Description
RULE       Rule name
LAST RUN   Time last run
NEXT RUN   Calculated time of the next run
FAILURES   Number of failures
REFERENCE  Reference from the rule definition

SHUTDOWN

The SHUTDOWN command performs a controlled shutdown of SPM.

Tip

You can also shut down SPM by using the standard MVS P SPM command.

No confirmation of the command is required. The output displays the following message and the shutdown begins:

RSS0155I Shutdown command accepted

No further output is displayed because the product is shutting down and loses connection to its GUI interface. The SPM address space shuts down as soon as it has cleanly terminated any active or waiting tasks.

SMF

The SMF command displays details of the master data space SMF exits.

The command response presents the following information:

Heading           Description
EXIT CALLS        Number of times the exit has been called
RECORDS SELECTED  Number of records selected
RECORDS ROUTED    Number of records routed to SPM for further processing
SLAVE STATUS      Internal status

SYS

The SYS command displays all SPM instances running on the sysplex.

The command response presents the following information:

Heading  Description
SYSPLEX  Sysplex name
SYSID    LPAR name within the sysplex
JOBNAME  SPM job name
STATUS   Active, Inactive, or Ready
SERVER   Whether the HTTP server is running on that LPAR
ESM      RACF, TSS, or ACF2

TASKS

The TASKS command displays active SPM tasks.

The command response presents the following information:

Heading          Description
RSS TASK         Name of the RSS task
ADDRESS          Address of the RSS task
TCB ADDRESS      Task's TCB address
THREAD ID        Task's thread ID
PARM             Address of the task's parm
EVENT QUEUE      Event queue address
USER FIELDS 0-2  User fields related to the task
USERFIELDS 3-5   User fields related to the task

 
