DSN1SMFP

The DSN1SMFP utility processes Db2 trace data into reports that are useful for evaluating and auditing the evaluated configuration.

Begin program-specific programming interface information.

DSN1SMFP accepts data that SMF collects in standard SMF format and produces from one to eighteen reports. DSN1SMFP accepts all SMF record types, but it processes only type 101 (Db2 Accounting) and 102 (Db2 Performance) records. DSN1SMFP checks each type 101 and 102 record for Db2 audit trace types of these Db2 trace records:

  • 003: Accounting - DDF Data by Location (security-relevant fields only)
  • 004: Trace Start
  • 005: Trace Stop
  • 023: Utility Start
  • 024: Utility Change
  • 025: Utility End
  • 083: Identify End
  • 106: System Parameters (security-relevant fields only)
  • 140: Audit Authorization Failures
  • 141: Audit DDL Grant/Revoke
  • 142: Audit DDL Create/Alter/Drop
  • 143: Audit First Write
  • 144: Audit First Read
  • 145: Audit DML Statement
  • 269: Trusted Connection
  • 270: Trusted Context
  • 350: SQL Statement
  • 361: Audit Administrative Authorities
  • 362: Trace Start and Stop with AUDITPOLICY.

Each such trace type (IFCID) is extracted and written in report format to a dedicated DD for that trace type.

Important: At a minimum, ensure that the following traces are started when you collect SMF records for input to DSN1SMFP.

Table 1. Traces to start for DSN1SMFP

Trace type    Class   IFCID
Accounting    1       3
Accounting    1       106
Audit         1       140
Audit         2       141
Audit         3       142
Audit         4       143
Audit         5       144
Audit         6       145
Audit         7       83
Audit         8       23
Audit         8       24
Audit         8       25
Audit         10      269
Audit         10      270
Audit         11      361
Audit                 362
Performance   30      350

IFCIDs 4 and 5 are started automatically when you start or stop any other trace, and IFCID 362 is started automatically when you start an audit policy trace.

DSN1SMFP also counts and reports the following values in the end-of-job summary:
  • Total SMF records that are read
  • Total SMF type 101 records
  • Total SMF type 102 records
  • Separate totals for IFCID 0003, 0004, 0005, 0023, 0024, 0025, 0083, 0106, 0140, 0141, 0142, 0143, 0144, 0145, 0269, 0270, 0350, 0361, 0362, and other IFCID records that are read
  • Separate totals for formatted IFCID 0003, 0004, 0005, 0023, 0024, 0025, 0083, 0106, 0140, 0141, 0142, 0143, 0144, 0145, 0269, 0270, 0350, 0361, 0362 records that are written
  • Total formatted records that are written
You can allocate each output DD of interest to a print device, data set, or held output.

DSN1SMFP loads an application defaults module to obtain the EBCDIC CCSID for conversion of Unicode-encoded strings. That application defaults module is DSNHDECP, unless you specify PARM='DECP(decp-name)' when you invoke DSN1SMFP. You need to ensure that the library where the application defaults module resides (typically prefix.SDSNEXIT) is available and allocated ahead of prefix.SDSNLOAD in the JOBLIB or STEPLIB DD concatenation.

When DSN1SMFP encounters an IFCID 0106 trace record, if the EBCDIC CCSID that is used by Db2 does not agree with the CCSID that is loaded from DSNHDECP, DSN1SMFP reports a warning message and ends with a minimum return code of 4.

End program-specific programming interface information.
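
The record-type filtering and the first three end-of-job totals described above can be cross-checked on an SMF extract before it is given to DSN1SMFP. The following Python sketch is an added example, not IBM code and not part of DSN1SMFP. It assumes the extract is a binary file in which every record keeps its 4-byte RDW and no record is spanned; the function names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

DB2_TYPES = {101: "Db2 Accounting", 102: "Db2 Performance"}
HEADER_LEN = 6  # RDW (4 bytes) + flag byte + record-type byte


def tally_smf_types(buf: bytes) -> Counter:
    """Count SMF records by record type in an RDW-prefixed byte stream."""
    counts = Counter()
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < HEADER_LEN:
            raise ValueError(f"truncated header at offset {pos}")
        # RDW: 2-byte big-endian length (includes the RDW), 2-byte segment descriptor
        rec_len, seg = struct.unpack_from(">HH", buf, pos)
        if seg != 0:
            raise ValueError(f"spanned segment at offset {pos} (not handled)")
        if rec_len < HEADER_LEN or pos + rec_len > len(buf):
            raise ValueError(f"bad record length {rec_len} at offset {pos}")
        counts[buf[pos + 5]] += 1  # record type is the byte after the flag byte
        pos += rec_len
    return counts


def summarize(buf: bytes) -> dict:
    """Return totals comparable to the first lines of the end-of-job summary."""
    counts = tally_smf_types(buf)
    return {
        "total": sum(counts.values()),
        "type_101": counts[101],
        "type_102": counts[102],
        # Record types that DSN1SMFP accepts but does not process
        "ignored": sum(n for t, n in counts.items() if t not in DB2_TYPES),
    }


def _record(rtype: int, payload_len: int) -> bytes:
    """Build a constructed record: RDW, arbitrary flag byte, type byte, zero payload."""
    return struct.pack(">HHBB", HEADER_LEN + payload_len, 0, 0x5E, rtype) + bytes(payload_len)


# Constructed sample: two type 102 records, one type 101, one type 30.
SAMPLE = _record(102, 40) + _record(30, 12) + _record(101, 64) + _record(102, 8)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An extract with zero type 101 or 102 records, or one that raises on a bad length, indicates a collection or transfer problem rather than an absence of audited activity.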