Defining the collector agent started task JCL

The collector agent runs as a started task. The sample library member ADHCSSID contains the sample JCL to set up the IBM Security Guardium S-TAP for Db2 collector agent started task.

Before you begin

To run the collector agent as a started task, the JCL must be in a cataloged procedure library. Modify the sample started task JCL in SADHSAMP library member ADHCSSID for your site, according to the instructions in the member.

About this task

The started task requires:
  • READ access to the ADHCFGP data set in the RACF® DATASET class
  • UPDATE access to the DB2PARMS data set in the RACF DATASET class
  • The ability to connect to the Db2® subsystem that is monitored by the collector agent
  • The ability to read data from the following Db2 subsystem catalog tables:
    • SYSTABLES
    • SYSINDEXES
    • SYSDBRM
    • SYSPACKAGE
    • SYSPACKSTMT
    • SYSSTMT

Procedure

  1. Using the sample library member ADHCSSID as a template, customize the member according to the directions contained in the sample JCL. Any valid member name can be used for the started task name, but the suggested started task name is ADHCSSID, where SSID is the identifier of the Db2 subsystem that is to be monitored.
  2. Copy the customized JCL to an appropriate SYSPROC data set. The JCL must include data definition (DD) statements for the following DD names:
    ADHPARMS
      ADHPARMS must name the IBM Security Guardium S-TAP for Db2 collector agent configuration file.
    DB2PARMS
      DB2PARMS must name the IBM Security Guardium S-TAP for Db2 product control file (example: ADH.V0A00.CONTROL).
    ADHPLCY
      ADHPLCY enables policy persistence. For more information, see the Policy Persistence information provided in Policy pushdown.
      If ADHPLCY is defined, it must point to a data set that is allocated with a record format of fixed blocked (RECFM=FB) and a record length (LRECL) greater than or equal to 256.
      The ADHPLCY data set should be allocated with a minimum of 50 primary tracks and 10 secondary tracks. The ADHPLCY data set can be sequential, PDS, or PDS/E. If you use PDS or PDS/E, the space requirements might need to be increased in relation to the number of members that are contained within the data set.
    ADHLOG
      ADHLOG is the SYSOUT data set to which IBM Security Guardium S-TAP for Db2 collector agent log messages will be written.
    STEPLIB
      STEPLIB must include the IBM Security Guardium S-TAP for Db2 SADHLOAD data set.
      Note: Every data set allocated to STEPLIB must be APF-authorized.
    SYSPRINT
      SYSPRINT is the SYSOUT data set to which log messages will be written.
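
The DD requirements in step 2 can be checked before the customized member is copied to the procedure library. The following Python check is an added example, not part of the IBM sample library: the function names are its own, and the program name and data set names in the sample JCL are constructed placeholders. It sees only what is coded on the DD statements, so APF authorization and the attributes of an existing ADHPLCY data set still have to be confirmed on the system.

```python
import re

REQUIRED_DDS = ("ADHPARMS", "DB2PARMS", "ADHLOG", "STEPLIB", "SYSPRINT")

# Constructed sample: program name and data set names are placeholders.
SAMPLE_JCL = """\
//COLLECT  EXEC PGM=PLACEHLD
//STEPLIB  DD DISP=SHR,DSN=HLQ.SADHLOAD
//         DD DISP=SHR,DSN=HLQ.OTHER.LOAD
//ADHPARMS DD DISP=SHR,DSN=HLQ.AGENT.CONFIG
//DB2PARMS DD DISP=SHR,DSN=ADH.V0A00.CONTROL
//ADHPLCY  DD DISP=SHR,DSN=HLQ.ADHPLCY,
//            RECFM=FB,LRECL=128
//ADHLOG   DD SYSOUT=*
"""

def parse_dds(jcl):
    """Map each DD name to its operands, folding continuations and concatenations."""
    dds, current = {}, None
    # "//*" comment lines and null "//" lines do not match and are skipped.
    for m in re.finditer(r"^//(?!\*)(\S*) +(\S+) *(\S*)", jcl, re.M):
        name, op, rest = m.groups()
        if op == "DD" and name:
            current, dds[name] = name, rest
        elif op == "DD" and current:
            dds[current] += "," + rest            # unnamed DD: concatenation
        elif not name and current and dds[current].endswith(","):
            dds[current] += op                    # continued operand field
        else:
            current = None                        # EXEC, PROC or other statement
    return dds

def check_started_task(jcl):
    """Return findings against the DD requirements listed in the procedure."""
    dds = parse_dds(jcl)
    findings = [f"missing required DD {n}" for n in REQUIRED_DDS if n not in dds]
    policy = dds.get("ADHPLCY", "")               # ADHPLCY is optional
    recfm = re.search(r"RECFM=(\w+)", policy)     # only attributes coded on the DD
    lrecl = re.search(r"LRECL=(\d+)", policy)     # statement itself are visible here
    if recfm and recfm.group(1) != "FB":
        findings.append(f"ADHPLCY RECFM {recfm.group(1)} is not FB")
    if lrecl and int(lrecl.group(1)) < 256:
        findings.append(f"ADHPLCY LRECL {lrecl.group(1)} is below 256")
    return findings

def steplib_data_sets(jcl):
    """List every STEPLIB data set; each one must be confirmed APF-authorized."""
    return re.findall(r"DSN=([^,\s]+)", parse_dds(jcl).get("STEPLIB", ""))
```

For the constructed sample, `check_started_task(SAMPLE_JCL)` reports the missing SYSPRINT DD and the undersized ADHPLCY record length, and `steplib_data_sets(SAMPLE_JCL)` returns both concatenated libraries for APF review.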