Using System Management Facilities (SMF) for audit logging

If you intend to use SMF for audit logging, you must do the following:

  • Select an SMF record number between 128 and 255 for the audit log records, and include it in your SMF parmlib member SMFPRMxx.
  • Specify this SMF record number in one of these locations:
    • The HFM0POPI macro for the appropriate HFMxPOPT module. (See Note 1).
    • The HFMxPARM member in SYS1.PARMLIB, or other library in the logical PARMLIB concatenation. (See Note 2).
  • Ensure that the load module HFMSMF is APF-authorized. You can make HFMSMF APF-authorized either by authorizing the load library, HFM.SHFMMOD1, or by copying HFMSMF to another authorized library. For more information about authorizing HFM.SHFMMOD1, see Running Z Data Tools with APF-authorization.
  • Add the load module HFMSMF to the AUTHTSF list in member IKJTSOxx in SYS1.PARMLIB. If you do not do this, even if you have selected to record to SMF and you have specified an SMF record number, no recording is done.
Note:
  1. Each Z Data Tools component has a customization module:
    HFM0POPT
    For Z Data Tools Base component
    HFM1POPT
    For ZDT/IMS
    HFM2POPT
    For ZDT/Db2
    HFM3POPT
    For ZDT/CICS

    All the customization modules include an HFM0POPI macro specification, which is described in Z Data Tools options. The SMF record number is specified using the SMFNO parameter of the HFM0POPI macro. See SMFNO. You should specify the SMF record number in the HFMxPOPT member when you are using HFMxPOPT controlled auditing, or SAF-controlled auditing without the use of a member in SYS1.PARMLIB.

  2. Auditing for each Z Data Tools component can be controlled using a member in SYS1.PARMLIB, or other library in the logical PARMLIB concatenation. The member names for each component are:


    HFM0PARM  For Z Data Tools Base component
    HFM1PARM  For ZDT/IMS
    HFM2PARM  For ZDT/Db2
    HFM3PARM  For ZDT/CICS

    Specify the SMF record number in the HFMxPARM member when you are using SAF-controlled auditing and a member in SYS1.PARMLIB.

To activate any changes you have made to SYS1.PARMLIB members, either restart your system, or use the appropriate commands for your site to dynamically activate the changes.

For more information about SMF, see z/OS MVS System Management Facilities (SMF).

To report on the audit trail information collected by SMF, you must extract this information from SMF to your own data set. The information in this data set can then be printed by the Z Data Tools Print Audit Trail utility. To do this select the Audit trail option from the Utilities menu.

A sample job, HFMSMFX, is provided in HFM.SHFMSAM1 to help you extract the SMF data to your own data set. See the comments in the job for information about changes you need to make to the job. The sample job can be used to extract audit log records for all Z Data Tools components (Base, ZDT/Db2, ZDT/IMS, and ZDT/CICS). The logon ID used to run the sample job must have read access to the SYS1.MANx data sets to run successfully.