Stopping the Auditing of a Specific z/VM Event in a System z/VM Event Profile
To stop auditing a specific z/VM event within a system z/VM event profile, do the following:
- Identify the profile that was last used to set auditing on the
system. You can compare the output from the SETEVENT LIST command
(which shows the actual settings on the system) with the output from
the RLIST command (which shows the settings that would be made from
a VMXEVENT profile). For example, on z/VM, suppose SETEVENT LIST indicates that the SPOOL and TAG commands are to be audited. If the output of the command RLIST VMXEVENT EVENTS (Figure 1) is the following, then the z/VM event profile EVENTS was most likely the last used to set auditing on the system.
Figure 1. Output from RLIST VMXEVENT EVENTS Command CLASS NAME ----- ---- VMXEVENT EVENTS MEMBER CLASS NAME ------ ----- ---- VXMBR OPTION z/VM EVENT AUDIT AND/OR CONTROL MEMBERS ------ ------------------------------------- IN DIAL IN MESSAGE.G AUDIT SPOOL AUDIT TAG LEVEL OWNER UNIVERSAL ACCESS YOUR ACCESS WARNING ----- -------- ---------------- ----------- ------- 00 IBMUSER NONE ALTER NO INSTALLATION DATA ----------------- NONE APPLICATION DATA ---------------- NONE AUDITING -------- FAILURES(READ) GLOBALAUDIT ----------- NONE NOTIFY ------ NO USER TO BE NOTIFIED - Update the VMXEVENT profile using the RALTER command with the
DELMEM operand. For example, the following command changes profile EVENTS so that TAG is not audited when profile EVENTS is in effect.
RALTER VMXEVENT EVENTS DELMEM(TAG/AUDIT) - Use the SETEVENT REFRESH command to refresh the system with that
profile.
SETEVENT REFRESH EVENTSNote: Only users with the AUDITOR attribute can add or delete events that have been designated with the AUDIT option in the profile. In addition, only users with the AUDITOR attribute can issue the SETEVENT command to refresh the events they have chosen to audit.