Defining the collector agent started task JCL
The collector agent runs as a started task. The sample library member ADHCSSID contains the sample JCL to set up the IBM Security Guardium S-TAP for Db2 collector agent started task.
To run the collector agent as a started task, the JCL must be in a cataloged procedure library. Modify the sample started task JCL in SADHSAMP library member ADHCSSID for your site, according to the instructions in the member.
Before you begin
The started task requires:
About this task
- READ access to the ADHCFGP data set in the RACF® DATASET class
- UPDATE access to the DB2PARMS data set in the RACF DATASET class
- The ability to connect to the Db2® subsystem that is monitored by the collector agent
- The ability to read data from the following Db2 subsystem
- Using the sample library member ADHCSSID as a template, customize the member according to the directions contained in the sample JCL. Any valid member name can be used for the started task name, but the suggested started task name is ADHCSSID, where SSID is the identifier of the Db2 subsystem that is to be monitored.
- Copy the customized JCL to an appropriate SYSPROC data
set. The JCL must include definitions for the following data descriptions:
- ADHPARMS must name the IBM Security Guardium S-TAP for Db2 collector agent configuration file.
- DB2PARMS must name the IBM Security Guardium S-TAP for Db2 product control file (example: ADH.V0A00.CONTROL).
- ADHPLCY enables policy persistence. For more information, see the Policy Persistence information provided in Policy pushdown.
- If ADHPLCY is defined, it must point to a data set that is allocated with a record format of fixed blocked (RECFM=FB) and a record length (LRECL) greater than or equal to 256.
- The ADHPLCY data set should be allocated with a minimum of 50 primary tracks and 10 secondary tracks. The ADHPLCY data set can be sequential, PDS, or PDS/E. If you use PDS or PDS/E, the space requirements might need to be increased in relation to the number of members that are contained within the data set.
- ADHLOG is the SYSOUT data set to which IBM Security Guardium S-TAP for Db2 collector agent log messages will be written.
- STEPLIB must include the IBM Security Guardium
S-TAP for Db2 SADHLOAD data set. Note: Every data set allocated to STEPLIB must be APF-authorized.
- SYSPRINT is the SYSOUT data set to which log messages will be written.