Sample logs

Edit online

The sample logs provide examples of different recorded events. You can compare these samples with your own logs to understand the events that are being recorded.

Server startup logging

During initialization, the Distributed Access Infrastructure servers unconditionally generate startup, environment, and configuration log records, as shown in the following example:
2023/12/14 11:49:20.55                  00 STARTUP  Distributed Access Infrastructure V1.7.0
2023/12/14 11:49:20.55                  01 STARTUP    Tools Access Server initialization started
2023/12/14 11:49:20.55 TAS#####EC05003E 00 STARTUP  Environment:
2023/12/14 11:49:20.55 TAS#####EC05003E 01 STARTUP    Job.....DAITAS     System...EC05      ASID.....003E
2023/12/14 11:49:20.55 TAS#####EC05003E 02 STARTUP    User....USRT001    Group....SYS1      JobNum...STC00079
2023/12/14 11:49:20.55 TAS#####EC05003E 03 STARTUP    Local...GMT-08     GMT......2023/12/14 19:49
2023/12/14 11:49:20.55 TAS#####EC05003E 00 PreLoad  AIICDM   00007000 AIICDM+20231129+13.34  V1.7.0
2023/12/14 11:49:20.56 TAS#####EC05003E 00 PreLoad  AIICMSM  9182ACA0 AIICMSM+20231129+13.34+B0160
2023/12/14 11:49:20.56 TAS#####EC05003E 00 PreLoad  AIICMSEI 9182A330 AIICMSEI+20231129+13.34+B0160

2023/12/14 11:49:20.94 TAS#####EC05003E 00 ConfgEXE Parameters given on Job EXEC
2023/12/14 11:49:20.94 TAS#####EC05003E 01 ConfgEXE   TYPE=TAS,AIICFG=AIITAS,BPECFG=AIITBPE
2023/12/14 11:49:20.94 TAS#####EC05003E 00 ConfgMem Parameter member name: AIITAS
2023/12/14 11:49:20.94 TAS#####EC05003E 00 ConfgMem TAS configuration member contents
2023/12/14 11:49:20.94 TAS#####EC05003E 01 ConfgMem   XcfGroupName(DaiGroup)              /* Xcf group name  */
2023/12/14 11:49:20.94 TAS#####EC05003E 02 ConfgMem   TasServerName(DAI Production TAS)   /* Server name     */
2023/12/14 11:49:20.94 TAS#####EC05003E 03 ConfgMem   SecurityAppl(DAI)                   /* APPL CLASS name */

System status events

System status events comprise normal operating events such as component startup, component shutdown, and XCF join and leave status. The following example shows TAS joining the XCF group and all members in the group at the time the TAS joins:
2023/12/14 11:49:21.53 TAS#####EC05003E 00 STARTUP  XCF JOIN Group=DAIGROUP Member=TAS#####EC05003E RC=00000000
2023/12/14 11:49:21.56 TAS#####EC05003E 00 Members  Current XCF member information
2023/12/14 11:49:21.56 TAS#####EC05003E 01 Members    NTWKTCPSEC050029 Active   NTWK TCPSERV  DAITCP   EC03005
2023/12/14 11:49:21.56 TAS#####EC05003E 02 Members    TAS#####EC05003E Active   TAS           DAITAS   EC03005
As other members join and leave the XCF group, their status is recorded in the server log, as shown in the following example:
2023/12/14 11:58:58.06 TAS#####EC05003E 00 Members  SERVTESTEC05002A XCF Member Event=GEMSTATE System=EC03005  Job=TESTTOOL
2023/12/14 11:58:58.06 TAS#####EC05003E 01 Members    OldState=Not-Def  NewState=Active   Type=SERV ID=TESTSERV

Security events

Security events show the connections that are established and terminated, the state of the connection, the user logon ID on the established connection, and the success and failure of a client logon.

The format of the IP address displayed in the event log depends on the Internet Protocol version that is used by the TCP server.
  • If IPv4 is enabled, the IP address consists of four decimal numbers separated by periods. For example, 192.0.2.0.
  • If IPv6 is enabled and the connection request is from an IPv6 client, the IP address consists of eight hexadecimal numbers separated by colons. For example, 2001:0DB8:0:0:0:0:0:0.
  • If IPv6 is enabled and the connection request is from an IPv4 client, the IP address consists of six hexadecimal numbers separated by colons, followed by IPv4 IP address. For example, 0:0:0:0:0:FFFF:192.0.2.0.

The following examples show these events:

Events for non-secure connections
For a non-secure connection, a TCPIntf (TCP interface) message is displayed indicating that the connection is not secure.
2023/12/14 17:25:21.44 NTWKTCPSC753002A 00 STARTUP  TCP communication starting, Port: 5124, Max connections: 18
2023/12/14 17:25:21.44 NTWKTCPSC753002A 01 STARTUP    HOME IP: xxx.xxx.xxx.xxx, HOST NAME: SYSTEM1
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  TCP socket connected.  Socket: 1, IP: xxx.xxx.xxx.xxx
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  Connection is not secured for Socket: 1 
2023/12/14 17:25:38.82 NTWKTCPSC753002A 00 Logon    User logon, Socket: 1, User: USRT005
2023/12/14 17:25:38.86 NTWKTCPSC753002A 00 Logon    User passed security check: USRT005
2023/12/14 17:26:06.30 NTWKTCPSC753002A 00 Logoff   User logged off: USRT005
2023/12/14 17:26:07.93 NTWKTCPSC753002A 00 TcpIntf  TCP socket disconnect. Socket: 1, IP: xxx.xxx.xxx.xxx, User: Nouser
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  TCP socket connected.  Socket: 1, IP: xxx.xxx.xxx.xxx
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  Connection is not secured for Socket: 1 
2023/12/14 17:25:38.82 NTWKTCPSC753002A 00 Logon    User logon, Socket: 1, User: USRT005
2023/12/14 17:25:38.86 NTWKTCPSC753002A 00 Logon    User passed security check: USRT005
Events for secure connections
When a secure connection is established by using IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS), the TCP server examines the type of the connection, which is established based on AT-TLS policy statements. The type of the connection is written to the log as a security event after an event log for TCP socket connection establishment. 
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  TCP socket connected.  Socket: 1, IP: xxx.xxx.xxx.xxx
2023/12/14 17:25:35.32 NTWKTCPSC753002A 00 TcpIntf  ClientAuth SAFCheck on Socket: 1, certificate is mapped to the user USRT000
2023/12/14 17:25:38.82 NTWKTCPSC753002A 00 Logon    User logon, Socket: 1, User: USRT000
2023/12/14 17:25:38.86 NTWKTCPSC753002A 00 Logon    User passed security check: USRT000
2023/12/14 17:26:07.93 NTWKTCPSC753002A 00 TcpIntf  TCP socket disconnect. Socket: 1, IP: xxx.xxx.xxx.xxx, User: USRT000
When a connection is established successfully, one of the following event texts is written to the log. Internal ID TcpIntf is printed immediately before the event text indicating that the TCP interface was called.
Table 1. Event texts when a connection is established successfully
Event text Meaning
Server Auth request on Socket: nnnnnnnn, server certificate is validated
  • Server is set for the HandshakeRole parameter of the AT-TLS policy.
  • Server certificate is valid.
ClientAuth SAFCheck on Socket: nnnnnnnn, certificate is mapped to the user uuuuuuuu
  • ServerWithClientAuth is set for the HandshakeRole parameter of the AT-TLS policy.
  • SAFCheck is set for the ClientAuthType parameter of the AT-TLS policy.
  • The certificate sent from the client has been validated and mapped to the user ID (uuuuuuuu).
Client Auth request on Socket: nnnnnnnn, AL-TLS ClientAuthType was PassThru
  • ServerWithClientAuth is set for the HandshakeRole parameter of the AT-TLS policy.
  • PassThru is set for the ClientAuthType parameter of the AT-TLS policy.
  • Client certificate validation has been bypassed.
Client Auth request on Socket: nnnnnnnn, client certificate is validated
  • ServerWithClientAuth is set for the HandshakeRole parameter of the AT-TLS policy.
  • Either Full or Required is set for the ClientAuthType parameter of the AT-TLS policy.
  • The certificate sent from the client has been validated.
Client Auth request on Socket: nnnnnnnn, client certificate was not received
  • ServerWithClientAuth is set for the HandshakeRole parameter of the AT-TLS policy.
  • Full is set for the ClientAuthType parameter of the AT-TLS policy.
  • The certificate has not been validated because it was not presented by the client.
Connection is not secured for Socket: nnnnnnnn AT-TLS is not used.
If an error is detected in the AT-TLS policy or in the client certificate, either of the following event logs is written. See Diagnostic aids for connection errors to troubleshoot connection errors.
Table 2. Event texts when an error is detected in the AT-TLS policy or in the client certificate
Event text Explanation User response
An input message error Socket: nnnnnnnn, invalid format The TCP server received a request message that it cannot interpret. Ensure that Off is set for the ApplicationControlled parameter of the AT-TLS policy.
TCP socket connected. Socket: nnnnnnnn, IP: www.xxx.yyy.zzz

TCP socket disconnect. Socket: nnnnnnnn, IP: www.xxx.yyy.zzz, User: Nouser

 When an AT-TLS connection error occurs, only event logs indicating the establishment and termination of connections are logged. Identify the cause of the error from the AT-TLS return code and correct the error. For more information, see the AT-TLS errors section in Diagnostic aids for connection errors.
The following example shows an unsuccessful logon:
2023/12/14 06:32:26.54 NTWKTCPSC753002B 00 Logon    User logon, Socket: 1, User: USRT007
2023/12/14 06:32:26.64 NTWKTCPSC753002B 00 ErrorSeg AII0120E RACROUTE REQUEST=VERIFY,ENVIR=CREATE ended with  
			      RC=00000008 Security system RC=X'00000008'  Reason=X'00000000'.  
			      Additional messages might be available in JOBLOG for JOB DAITCP   (JOB00090)
2023/12/14 06:32:26.64 NTWKTCPSC753002B 01 ErrorSeg   User=          Group=         Target=AIITCP  Dir=Tool  
			      Correlator=00000000 00000000
2023/12/14 06:32:26.64 NTWKTCPSC753002B 02 ErrorSeg   Cmmt=ErrorSeg Module=AIINSSEC Status=00000000 Reason=00000810
The previous logon error is accompanied by the following entry in the TCP server job log: 
06.32.26 JOB00090  ICH408I USER(USRT007 ) GROUP(SYS1    ) NAME(####################)  175 
   175               LOGON/JOB INITIATION - INVALID PASSWORD                              
06.32.26 JOB00090  IRR013I  VERIFICATION FAILED. INVALID PASSWORD GIVEN.

Subordinate Tools Access Server (SOT) execution

The following example shows the execution of the assembler (ASMA90) in an SOT. The Ready lines are generated when the SOT is ready to accept new work.

The log entries show the following information:
  • All allocations that were completed by the SOT before it invoked the program.

    These allocations are freed when the program ends.

  • The program that is invoked and the parameters that are passed to it.
  • The return code of the program or an abend code if the program ends abnormally.
  • Distributed Access Infrastructure output message statistics.
 2023/08/17 13:06:48.23 SOT#0001EC05005C 00 Ready- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 2023/08/17 14:43:44.21 SOT#0001EC05005C 00 ToolExec SOT#0001 is processing program ASMA90   for user USRT005  Tool=ASMA90   Sess=005C0001 C88946E3 9AE16699
 2023/08/17 14:43:44.22 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSLIB  +00 (SYSLIB  ) DSN=SYS1.MACLIB                                  VOL=RESPCK Source=AIIEXEC
 2023/08/17 14:43:44.23 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSLIB  +01 (SYS00001) DSN=USRT005.MACLIB                               VOL=DASD01 Source=AIIEXEC
 2023/08/17 14:43:44.24 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSIN       (SYSIN   ) DSN=SYS11290.T144344.RA000.SOT#0001.R0100123     VOL=SCR01  Source=AIISETUP
 2023/08/17 14:43:44.25 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSLIN      (SYSLIN  ) DSN=SYS11290.T144344.RA000.SOT#0001.R0100124     VOL=SCR01  Source=AIIEXEC
 2023/08/17 14:43:44.26 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSPRINT    (SYSPRINT) DSN=SYS11290.T144344.RA000.SOT#0001.R0100125     VOL=SCR03  Source=AIISETUP
 2023/08/17 14:43:44.27 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSADATA    (SYSADATA) DSN=SYS11290.T144344.RA000.SOT#0001.R0100126     VOL=SCR01  Source=AIISETUP
 2023/08/17 14:43:44.28 SOT#0001EC05005C 00 ToolExec Alloc DD=SYSTERM     (SYSTERM ) DSN=SYS11290.T144344.RA000.SOT#0001.R0100127     VOL=SCR01  Source=AIISETUP
 2023/08/17 14:43:44.29 SOT#0001EC05005C 00 ToolExec Text copied from AIIDATA to SYSIN     Lines copied: 0024
 2023/08/17 14:43:44.33 SOT#0001EC05005C 00 ToolExec Invoking PGM=ASMA90   using Tasklib=n/a      Running in DAI data capture mode
 2023/08/17 14:43:44.33 SOT#0001EC05005C 01 ToolExec   PARM=ADATA,RENT,NOOBJECT,NODECK,XREF(LONG),LIST(133),USING(NOWARN),FLAG(NOCONT),TERM
 2023/08/17 14:43:44.50 SOT#0001EC05005C 00 ToolExec Program ASMA90   completed in SOT#0001.  RC=X'000004' User=USRT005  Sess=005C0001 C88946E3 9AE16699
 2023/08/17 14:43:44.51 SOT#0001EC05005C 00 OutStats Message statistics: Data Sent=00013884 Segments=001 User=USRT005
 2023/08/17 14:43:44.51 SOT#0001EC05005C 01 OutStats   Writes=00218 FeedBack=Y Write Err=0000 Msg=14434385 0111290F EE577F1E 0000001C
 2023/08/17 14:43:44.55 SOT#0001EC05005C 00 Ready- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Tool errors

The following example shows that an unsupported tool was requested: 
2023/12/14 09:25:52.57 TAS#####EC05003E 00 Routing  Message cannot be routed
2023/12/14 09:25:52.57 TAS#####EC05003E 01 Routing    AII0100E The requested target, "ESHLOADX", is not a known DAI enabled IMS Tool.
2023/12/14 09:25:52.57 TAS#####EC05003E 02 Routing    User=USRT005   Group=SYS1     Target=ESHLOADX Dir=Tool   
      			Correlator=C3969996 9381A340
2023/12/14 09:25:52.57 TAS#####EC05003E 03 Routing    Cmmt=Routing  Module=AIITSMSI Status=00000008 Reason=00003535
The following example shows an ITKB server connection failure:
2023/12/14 12:04:54.55 TAS#####EC05003E 00 ITKB Con getRept Server=ITKBREP1 DBD=CUST01 DDN=CUST01A RecType=U   
			      Product=UZ Report=01 Suffix=O0000000 Vers=00000001
2023/12/14 12:04:54.55 TAS#####EC05003E 01 ITKB Con   AII0149E Error connecting to ITKB server (ITKBREP1).  
			      FUNC=INITIAL RC=00000028 Rsn=X'0000000C'. HKT2301E Incorrect server name.
2023/12/14 12:04:54.55 TAS#####EC05003E 02 ITKB Con   User=USRT005   Group=SYS1     Target=AIITAS   Dir=Tool   
			      Correlator=C3969996 9381A340
2023/12/14 12:04:54.55 TAS#####EC05003E 03 ITKB Con   Cmmt=ITKB Con Module=AIITSFSV Status=00000000 Reason=00000811