Co-existing with other DFSFLGX0, DFSISVI0, and DFSAOE00 exit routines
IBM® Security Guardium® S-TAP® for IMS™ provides product-specific DFSAOE00 (Type-2 AOIE Exit), DFSFLGX0 (IMS Logger), and DFSISVI0 (IMS batch) exits that enable reports on IMS DL/I call activity. The DFSAOE00 (Type-2 AOIE exit) enables you to audit IMS DBR, DB_PSB, CTL_STRT, and USERS commands. In some IMS environments, user requirements or third-party vendor products also require use of these exits. IBM Security Guardium S-TAP for IMS can accommodate multiple DFSISVI0 exit routines using internal exit cascading methods specific to IBM Security Guardium S-TAP for IMS.
Using IMS Tools Generic Exits
IMS Tools Generic Exits are a collection of components that provide common command and exit routine interfaces that support the operation of IMS tools in an IMS environment.
IBM Security Guardium S-TAP for IMS supports the protocols used by the IMS Tools Generic Exit product. You can define the IBM Security Guardium S-TAP for IMS copy of the DFSFLGX0 exit by supplying IMS with a PROCLIB member using a BPE-style control statement, or by building a load module that contains the required information.
EXITDEF(TYPE(LOGR) EXITNAME(AUIFLGX0) LOADLIB(AUI.SAUIIMOD))
For more information, see 'IMS Tools Generic Exit reference' in IBM IMS Tools Base for z/OS documentation.
Using IBM Security Guardium S-TAP for IMS DFSISVI0 exit cascading
When the IBM IMS Tools Generic Exit is not available for use, IBM Security Guardium S-TAP for IMS provides a way to support two instances of the DFSFLGX0 and DFSISVI0 exits.
The program AUIISVI0 (DFSISVI0) is loaded from a DSN within the JOBLIB/STEPLIB concatenation. The AUIISVI0 (DFSISVI0) program then searches all subsequent DSNs within the JOBLIB/STEPLIB DD concatenation to find the next occurrence of the exit with the same name.
- If no occurrence is found, the IMS DFSISVI0 exit is not cascaded.
- If an exit is found, and the exit found is another instance of the IBM Security Guardium S-TAP for IMS exit, the search continues with the remainder of the DSNs in the concatenation.
- If a non-IBM Security Guardium S-TAP for IMS exit is found, this new exit is loaded and called with R13 pointing to the save area supplied by IMS. A new 512-byte user work area, obtained specifically for this exit instance, is then pointed to by the SXPLAWRK field of the IMS Standard User Exit Parameter List (DFSSXPL). This 512-byte work area is obtained when the first (or INIT) call is done; the work area address (in the SXPLAWRK field) and work area content are maintained for all subsequent calls.
The IBM Security Guardium S-TAP for IMS-supplied program AUIAOE00 (DFSAOE00) does not use its own exit cascading. Instead, AUIAOE00 co-exists with other IMS Type-2 AOIE exits, each having its own name in the DFSDFxxx EXITDEF TYPE=AOIE exit list.
The IBM Security Guardium S-TAP for IMS-supplied programs AUIOMEIT and AUIOMECM (the IMS Operations Manager (OM) initialization/termination routine and the command auditing routine, respectively) do not have their own exit cascading. Instead, each co-exists with other OM exits and has its own name in the IMS Base Primitive Environment (BPE) exit list.
Exit cascading restrictions
In a non-APF-authorized environment, the exit load module to cascade to must have an ALIAS and the ALIAS must be either DFSFLGX0 or DFSISVI0 if the target exit module has the RENT or REUS attribute on. Examples of non-APF-authorized environments include executing program DFSULTR0 or an IMS DLI/DBB batch program.
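The cascading search and the non-APF restriction described above can be checked against a planned JOBLIB/STEPLIB order before a job runs. The following Python model is an added example, not IBM code. It assumes the auditor already knows which copies of DFSISVI0 are the S-TAP exit and what link-edit attributes each module has, and that z/OS loads the first occurrence of a member in a concatenation. Every DSN except AUI.SAUIIMOD is constructed.

```python
from dataclasses import dataclass

EXIT_NAME = "DFSISVI0"  # name the cascading search looks for

@dataclass
class Entry:
    """A DSN in the JOBLIB/STEPLIB concatenation that holds a member named EXIT_NAME."""
    dsn: str
    is_stap: bool               # assumption: the auditor knows which copies are S-TAP's
    is_alias: bool = False      # EXIT_NAME is an ALIAS of the load module
    rent_or_reus: bool = False  # module is link-edited RENT or REUS

def resolve_cascade(concat, apf_authorized):
    """concat: Entry list in concatenation order (DSNs without the member omitted).
    Returns (loaded_dsn, cascade_target_dsn, findings)."""
    if not concat:
        return None, None, [f"{EXIT_NAME} not found in concatenation"]
    first = concat[0]
    if not first.is_stap:
        # z/OS loads the first occurrence, so the S-TAP exit never gets control.
        return first.dsn, None, [
            f"{first.dsn} is ahead of the S-TAP exit; no auditing or cascading"]
    # Later S-TAP copies are skipped; the first non-S-TAP exit is the target.
    target = next((e for e in concat[1:] if not e.is_stap), None)
    findings = []
    if target and not apf_authorized and target.rent_or_reus and not target.is_alias:
        findings.append(
            f"{target.dsn}: RENT/REUS target needs {EXIT_NAME} as an ALIAS "
            "when not APF-authorized")
    return first.dsn, (target.dsn if target else None), findings

# Constructed sample: only AUI.SAUIIMOD appears on the page; other DSNs are made up.
SAMPLE = [
    Entry("AUI.SAUIIMOD", is_stap=True),
    Entry("AUI.SAUIIMOD.COPY", is_stap=True),
    Entry("USER.EXITLIB", is_stap=False, is_alias=False, rent_or_reus=True),
]

if __name__ == "__main__":
    for apf in (False, True):
        print(apf, resolve_cascade(SAMPLE, apf))
    print(resolve_cascade(list(reversed(SAMPLE)), False))
```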