Environment variables that control the auditing function

There are two environment variables that affect the auditing function when running on a z/OS®-based Tivoli Enterprise Monitoring Server: AUDIT_TRACE and AUDIT_SMF.

Using the PARMGEN method, these values are set using the KDS_AUDIT_TRACE and KDS_AUDIT_SMF parameters in the LPAR configuration profile (%RTE_NAME%). Using the Configuration Tool, these values are set in the Enable/Disable z/OS audit collection field of the Specify Advanced Configuration Values panel.

AUDIT_TRACE

The auditing facility supports three levels of tracing:

Minimum

Records major changes to the product state such as authorization failure, new connections to the monitoring server or the portal server, or failed user login attempts.

Basic

Records any actions that modify objects or cause an access failure, such as attempts to modify monitoring server entities like situations and Take Action commands.

This is the default tracing level.

Detail

Records all authorization requests, whether successful or failed, such as all successful logins and all modifications to entities such as Take Action commands.

Disabled

Disables the auditing function.

AUDIT_SMF

z/OS only.

Controls the writing of auditing records to the System Management Facility.

Disabled

Prevents the creation of SMF records while still allowing IBM Tivoli Monitoring audit data to be recorded in the Tivoli Data Warehouse and for reporting purposes.

Enabled

Both SMF and warehouse audit records get written.

This is the default for SMF recording.

Setting the trace level to Basic or Detail might require you to enlarge your SYS1.MANn data sets or to increase the frequency with which you offload Tivoli Monitoring audit data to your SMF archives. If you do not want to record Tivoli Monitoring events, you can disable SMF audit records (AUDIT_SMF=Disabled) and thereby eliminate the storage requirements and I/O overhead necessary when writing SMF records.