Classes that Control Auditing for OpenExtensions VM

The following classes are defined to control auditing:

DIRACC
DIRSRCH
FSOBJ
FSSEC
PROCESS

No profiles can be defined in these classes. They are for audit purposes only. These classes do not need to be active to be used to control OpenExtensions VM auditing. Activating the classes has no effect on auditing or authorization checking.

Each of the classes controls auditing for OpenExtensions VM in a particular way. You can use the SETROPTS LOGOPTIONS command to specify the logging options. The descriptions that follow define the type of auditing each class controls.

The classes are:

DIRACC

Controls auditing for access checks for read/write access to directories:

Audit event codes:: 29, 56

DIRSRCH

Controls auditing of directory searches:

Audit event code:: 28

Attention:
Auditing directory searches may degrade BFS and RACF performance because directory searches are performed so frequently.

FSOBJ

Controls auditing for all access checks for file system objects except directories via SETROPTS LOGOPTIONS and controls auditing of creation and deletion of file system objects (including directories) via SETROPTS AUDIT.

For object access:

Audit event codes:: 30, 56

For object create and delete or name change:

Audit event codes:: 41, 42, 43, 45, 47, 48, 53, 54

FSSEC

Controls auditing for changes to the security data (file owner, file mode, and audit options) for file system objects:

Audit event codes:: 31, 33, 34

PROCESS

Controls auditing of changes to the UIDs and GIDs of processes

Audit event codes:: 36, 49, 50, 51, 52