Release notes of Adabas Auditing for z/OS.
The Audit Log replaces the Command Log in the Audit Server. Refer to the following table for topics concerning the creation and operation of Audit Logs.
Topic | Description |
---|---|
Create Audit Logs | DDALOGRn datasets must be created and formatted. For more information, refer to ADAFRM ALOGFRM. |
ADARUN parameters | ADARUN parameters must be added to control Audit Log processing. For more information relating to the parameters DUALALD, DUALALS, NALOG, ALOGDEV and ALOGSIZE, refer to Pertinent ADARUN Parameters for Auditing. |
Force End-of-file | The operator command FEOFAL is used to force end-of-file on the current Audit Log. For more information, refer to FEOFAL Command. |
Add/Delete Audit Logs | Audit Logs can be added and deleted using the ADADBS utility. For more information, refer to ADADBS ADDALOG and ADADBS DELALOG respectively. |
Copying Audit Logs | Audit Logs are copied using the ADARES utility. For more information, refer to ADARES ALCOPY. |
In the event of a disconnection between an Auditing Database and an Audit Server, the AUDCONNECT command may be used to re-establish a connection.
For support by an Operator Command, refer to AUDCONNECT Command.
For support by the ADADBS utility, refer to ADADBS OPERCOM AUDCONNECT.
For support by Adabas Auditing Administration Services (SYSALAA), refer to Force Connection Attempt.
When auditing is enabled for a file in an Auditing Database, an Audit Name must be assigned to the file and Adabas will then automatically assign an Audit ID.
In the previous version of Adabas Auditing, the Audit Name used by the utilities ADACMP, ADADBS and ADALOD was incorrectly labelled as AUDITID. This caused confusion between the user assigned Audit Name and the Adabas automatically assigned Audit ID. This has been corrected in Adabas Auditing version 2.2 SP1. The Audit Name used by utilities is now correctly referred to as AUDITNM.
For more information, refer to the following utility documentation:
For ADACMP, refer to ADACMP COMPRESS AUDITNM=
For ADADBS, refer to ADADBS MODFCB AUDITNM=
For ADALOD, refer to ADALOD LOAD Parameters
The ADADBS OPERCOM DAUDPARM utility issued to an Audit Server previously only reported the global parameters. With this new version all pertinent configuration is now reported.
For more information, refer to ADADBS OPERCOM DAUDPARM.
The operator command DAUDSTAT and the ADADBS OPERCOM DAUDSTAT have been enhanced to report the following information:
The number of items rejected due to errors
The number of admin items
The number of GFFT items
For more information, refer to ADADBS OPERCOM DAUDSTAT.
This version of Adabas Auditing introduces two new classes of Audit events; Administration and Structural Database Changes (DDL):
An Administration event is one which inquires or alters the state of the database. For example, ADADBS OPERCOM DAUDPARM and ADADBS OPERCOM FEOFAL.
A Structural Database Change (DDL) event is one which alters the structure of the database such as adding a new field or deleting an existing field.
These new classes of Audit events are supported by corresponding new Subscriptions which are automatically defined when an Audit system file is created:
A Subscription named ADMIN with an ID of SUBSYS1 is created for Administration events.
A Subscription named DDL with an ID of SUBSYS2 is created for DDL events.
Additional configuration has also been added to enable the administration of these new events:
Adabas Auditing Configuration (SYSALA) new menu option T for Admin Subscription Definitions has been added.
New Auditing Database (ADAANP) File parameters have been added to enable the auditing of administration and DDL events at the file level. Specified in the ADAANP DD input, the new file parameters are FADMPARM and FADMINFO. For example:
ADAANP FILE ADAANP FLIST=1,100 ADAANP FACCDS=YES Collect data storage (compressed record) ADAANP FDELDS=YES Collect data storage (compressed record) ... ADAANP FADMPARM=YES Collect admin and DDL event data ADAANP FADMINFO=YES Collect admin and DDL client info
The Audit Server now requires a DDAUDERR DD card.
For example:
//DDAUDERR DD SYSOUT=X
The majority of messages are written to the console however certain messages will now be written to DDAUDERR.
Messages written to DDAUDERR are formatted similarly to multi-line console messages with the message number and Database ID appearing only on the first line. Each line is prefixed with the Julian date and local time.
Changes to the structure and content of the Audit system file require that a new system file must be loaded into the Audit Server using the ALLSYSF dataset supplied with this version of Adabas Auditing.
For more information on loading an Audit system file, refer to ADALOD LOAD Parameters for the Adabas Audit Server.
Reloading the Audit system file will require the recreation in SYSALA of any configuration you may have defined using the previous version of Adabas Auditing (for example subscriptions, destinations, filters, etc..).
After loading the new Audit system file, the predefined subscriptions SUBSYS1 and SUBSYS2 will require updating to avoid the following warning messages:
ADAAJZ At least one destination is required for subscription SUBSYS1 ADAAJZ At least one destination is required for subscription SUBSYS2