Audit trail
All security-relevant events initiated from the HMC/SE by the System Administrator will be written to the security log. When these logs become full, they are pruned. This means that the oldest are deleted and the log is reduced to 67% of its capacity. The log has the capability to store many weeks worth of security relevant events under normal system operation.
To insure the no security relevant information is lost, the security log should be offloaded periodically to removable media provided with the processor. When the security log is successfully off loaded to removable media, the active log is pruned so that it does not exceed 20% of its capacity. If the active security log is below 20%, then no entries are removed. If it is above 20%, then enough active security log entries are removed (from oldest to newest) to reduce the size of the active security log to 20%. The oldest entries are still in the offloaded log.