Configuring auditing on a monitoring server
Auditing captures significant events occurring in your site's monitoring environment and records them in permanent storage for later retrieval and analysis. Each audit record fully describes some event that has changed the state of your monitoring environment: authorization and authentication failures (such as those that allow or disallow the execution of Take Action commands), and major and minor state changes (though they do not reflect the minor service messages stored in the RAS logs). You can configure the Tivoli Enterprise Monitoring Server running on z/OS to write audit records to the z/OS System Management Facility (SMF). This configuration enables you to use SMF to integrate OMEGAMON events with the event data recorded by other products and components that run on your z/OS system. You can extract OMEGAMON XE audit record data from SMF data sets (or from the archives of such data sets) for analysis of performance or resource utilization, and for validation of security events (authorization and authentication).
About this task
- KDS_AUDIT_TRACE
- This parameter is used to enable or disable auditing collection in SMF and set the level of tracing. Message trace levels (from low to high) are X (Disabled), M (Minimum), B (Basic), and D (Detail). Higher levels imply all lower levels.
- KDS_AUDIT_MAX_HIST
- This parameter specifies the maximum number of entries kept in the in-memory cache for direct queries. Possible values are 10–1000.
- KDS_AUDIT_ITM_DOMAIN
- This parameter specifies an identifier that may be used to associate audit records. Possible value is a string of up to 32 characters.