z/OS Security Server RACF Diagnosis Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Obtaining traces on z/OS UNIX System Services

z/OS Security Server RACF Diagnosis Guide
GA32-0886-00

When access to a resource is allowed (or denied) incorrectly, you can obtain more data about the problem by using the RACF® SET TRACE command, or with GTF trace. GTF trace must be activated to obtain trace output just before reproducing the problem.

To obtain a trace when access is incorrectly denied, using the RACF SET TRACE command. See Obtaining trace records using the SET TRACE command.

To obtain a trace with GTF trace, the trace must be activated to obtain trace output just before reproducing the problem. You may use this procedure:
  1. To start GTF, enter this command: 
    START GTF,TRACE=SLIP
  2. Set this SLIP trap for callable services: 
    SLIP SET,IF,LPAEP=(IRRRFR10,0,0),ACTION=TRACE,JOBNAME=xxx,
     TRDATA=(STD,REGS,1R?,+100),END

    where xxx is the job name of a batch job or the user ID of an interactive user.

    This SLIP trap produces a GTF trace entry each time a RACF callable service is invoked (IRRRFR10 is the module called by the RACF callable service). The trace entry contains the parameter list passed with the RACF callable service request.

  3. Run the job that has the access problem (or ask the user to attempt to gain access to the resource again) while GTF is on.
  4. Stop GTF after the job has ended or after the user has attempted access.
  5. Examine the GTF trace output. See z/OS MVS IPCS Commands for more information.
Parent topic: Collecting problem data

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014