Auditing

The auditing function allows you to capture significant events occurring in your site's monitoring environment and record them in permanent storage for later retrieval and analysis. Each audit record fully describes some event that has changed the state of your monitoring environment: authorization and authentication failures (such as those that allow or disallow the execution of Take Action commands), and major and minor state changes (though they do not reflect the minor service messages stored in the RAS logs). Platforms covered include Windows, UNIX/Linux, IBM® i, and z/OS®. The records stored are compatible with those created by Tivoli Business Service Manager.

Auditing and logging records can be stored in the Tivoli Data Warehouse. Standard reports are provided by the IBM Cognos feature. In addition, the Tivoli Enterprise Portal Managed System Lists workspace (within the Enterprise icon) enables you to view auditing and logging records online; for information, see IBM Tivoli Monitoring: Tivoli Enterprise Portal User's Guide.

By default, the auditing function is turned off on all Tivoli Management Services nodes.

On z/OS, the auditing facility optionally creates and stores Systems Management Facility–format (SMF) type-112 records, encoded in UTF-8 and included in a common repository (the SYS1.MANn data sets) with all other z/OS event data. SMF type-112 records are disabled by default in the SYS1.PARMLIB(SMFPRMxx) member. To display the current SMFPRMxx settings, issue the z/OS console command D SMF. For complete information on the syntax of this console command, including how to check which records are enabled for recording and how to change these settings dynamically, consult the z/OS System Management Facilities document and the MVS™ System Commands reference.

The auditing data written covers the self-describing agents (including their auto-refresh feature), actions of the Warehouse Proxy Agent, successful and failed automation-command actions (for example, the invocation of Take Action commands), and IBM Tivoli Monitoring's integration with Tivoli Application Dependency Discovery Manager.