Commands

You can control auditing by using the existing SETROPTS LOGOPTIONS and SETROPTS AUDIT.

Use SETROPTS LOGOPTIONS to specify logging options for all the classes associated with z/OS UNIX System Services:
  • DIRSRCH: Directory searches
  • DIRACC: Access checks for read/write accesses to directories
  • FSOBJ: Access checks for files and directories
  • FSSEC: Changes to file system security
  • IPCOBJ: Access checks for objects and changes to UIDs, GIDs, and modes
  • PROCESS: Changes to UIDs and GIDs of processes and to privileged operations requiring superuser authority
  • PROCACT: Functions that look at data from other processes or effect other processes
Here is an example: 
SETROPTS LOGOPTIONS(FAILURES(DIRSRCH,DIRACC))
In addition, you can use the SETROPTS AUDIT option to control auditing for the FSOBJ, IPCOBJ, and the PROCESS classes.
  • FSOBJ: Successful creation and deletion of file system objects
  • IPCOBJ: Successful creation and deletion of objects (message queues, semaphores, and shared memory segments)
  • PROCESS: Successful dubbing or undubbing of a process
Here is an example: 
SETROPTS AUDIT(FSOBJ,PROCESS)
Parent topic: Auditing for z/OS UNIX System Services