Record level and SMF data set monitoring options

You can reduce z/OS® CPU and storage usage by setting options for Record level and SMF data set monitoring.

Record level monitoring performance

During record level monitoring, data is collected when VSAM records are read or written. Record level monitoring can affect performance, TCP/IP traffic, and system load. Record level monitoring intercepts VSAM accesses at the record level, so excessive monitoring of logical record requests can result in large volumes of data being transferred to the Guardium system from the TCP/IP telecommunications link, along with a corresponding increase in CPU and storage use within z/OS. Even in a moderately-sized installation that uses VSAM files, hundreds of millions, if not billions, of logical record requests can be made to VSAM daily. Attempting to monitor and report on all VSAM requests can result in huge volumes of data that can increase system load on z/OS and data traffic on communication links.

To provide flexibility in controlling the impact of record level monitoring, policy options can be used to limit the scope of monitoring. Carefully consider these options with the goal of limiting record level monitoring to the logical record requests in specific data sets that must be monitored in your environment.

Record level monitoring filter options

You can use the record level monitoring to filter based on:
  • Data set name
  • Data set type
  • Job name
  • Job type
  • Program name
  • Security system user ID
  • Security system group ID
  • SMF system ID
  • Subsystem ID
  • Sysplex name
  • VSAM record organization
  • DD name
If CICS® support is enabled, you can also filter based on:
  • CICS user ID
  • CICS transaction ID
  • CICS program ID
  • CICS file ID
  • CICS region ID
  • CICS terminal ID
  • CICS function code
You can also limit the monitoring of records to particular keys or key ranges:
VSAM KSDS and RRDS data sets
For KSDS data sets, the key used is defined when the data set is created through an IDCAMS DEFINE.
For RRDS data sets, the key is a relative record number within the data set.
For individual keys, a list of keys is permitted with which a comparison operator can be used. In situations where the key contains unprintable characters, you can define the keys or key ranges by using hexadecimal notation.
Limit the monitoring of record level requests by the type of logical requests, including:
  • Record read events
  • Update write events
  • Insertions
  • Deletions
Remember: Each monitored record that matches the various policy filters results in the processing, creation, and transmission of a record monitoring data element to the Guardium system. Use the Guardium system interface to establish as restrictive a set of policy filters as possible. IBM Guardium S-TAP for Data Sets dynamically tunes and minimizes processing based on the filtering criteria chosen. Effectively chosen filters allows for maximum efficiency of record level monitoring processing.

Activating record level monitoring

You must define a policy that includes rules that specify one or more of the record level request filters (reads, update writes, insertions, or deletions) in order to activate record level monitoring.
  • If a policy does not contain any of these filters, no additional overhead occurs at the logical record request level.
  • If a particular policy rule contains one or more of these filters, only the specific data set defined in the rule (or data sets associated with other policy filters defined in the rule) incurs any additional monitoring overhead.
  • Record level monitoring is only valid for use with VSAM data sets (KSDS and RRDS only).

SMF data set monitoring performance and filtering

Use filtering criteria to limit the amount of VSAM data set monitoring to only particular events. By using policy filters, SMF data set monitoring performance is enhanced by reducing CPU usage, storage usage, and TCP/IP traffic to the Guardium system.

Filter down to each specific VSAM data set event with the following filters:
  • Data Set Open
  • Data Set Update
  • Data Set Close
  • Data Set Close (input-only)
  • Data Set Close (output-only)
  • Data Set Delete
  • Data Set Rename
  • Data Set Create
  • Data Set Alter
  • Data Set SAF Alter
  • Data Set SAF Update
  • Data Set SAF Read
  • Data Set SAF Define
  • Data Set SAF Control
Filter down to each specific non-VSAM data set event with the following filters:
  • Data Set Close
  • Data Set Close (input-only)
  • Data Set Close (output-only)
  • Data Set Delete
  • Data Set Rename
  • Data Set Create
  • Data Set SAF Alter
  • Data Set SAF Update
  • Data Set SAF Read
  • Data Set SAF Define
  • Data Set SAF Control
  • Member Add
  • Member Delete
  • Member Rename
  • Member Replace
  • STOW Initialize

You can achieve optimal record level monitoring and SMF data set monitoring performance when you create and use a policy that defines only those events that are required by your organization.