Commands
You can control auditing by using the existing SETROPTS LOGOPTIONS and SETROPTS AUDIT.
Use SETROPTS LOGOPTIONS to specify logging options for all the
classes associated with z/OS UNIX System Services:
- DIRSRCH: Directory searches
- DIRACC: Access checks for read/write accesses to directories
- FSOBJ: Access checks for files and directories
- FSSEC: Changes to file system security
- IPCOBJ: Access checks for objects and changes to UIDs, GIDs, and modes
- PROCESS: Changes to UIDs and GIDs of processes and to privileged operations requiring superuser authority
- PROCACT: Functions that look at data from other processes or effect other processes
Here is an example:
SETROPTS LOGOPTIONS(FAILURES(DIRSRCH,DIRACC))
In
addition, you can use the SETROPTS AUDIT option to control auditing
for the FSOBJ, IPCOBJ, and the PROCESS classes.
- FSOBJ: Successful creation and deletion of file system objects
- IPCOBJ: Successful creation and deletion of objects (message queues, semaphores, and shared memory segments)
- PROCESS: Successful dubbing or undubbing of a process
Here is an example:
SETROPTS AUDIT(FSOBJ,PROCESS)