With their release of z/OS 2.2, IBM has introduced digital signatures to SMF Data. These signatures appear as SMF Type 2 records in the data with two subtypes:
- Subtype 1 - Group Signatures
- Subtype 2 - Interval Signatures
A Group Signature signs a group of SMF records of a specific type and subtype. This record is produced anytime a specific type and subtype of record is written in a minute following any other records of that type and subtype in the current SMF interval. For SMF type/subtypes that are produced very frequently, you might get one of these group signature records for each minute of the interval, whereas for type/subtypes that aren't written in an interval, you will not see any of these records at all. The records indicate the duration of the type/subtype group by indicating the time stamp of the first and last records of the group.
An Interval Signature signs all SMF records of a specific type and subtype that are produced over the course of a single interval. Additionally, if no records of a specific type/subtype are produced in an interval but have been produced before the interval, a signature record indicating there are no records to sign will also be produced. In short, once a type/subtype combination is detected in the SMF logstream, there will always be interval records produced for that type/subtype, even if no records are written for that type/subtype combination for days or even weeks.
There are two PTFs that have been produced for CA SMF Director to handle the digital signature records and are needed when moving to z/OS 2.2. They are:
RO84407 - This PTF modifies the kernel load module of SMF Director, SMFD. It ensures that when SMF Director sees signature records, that they are handled properly. Additionally, this PTF adds the new "SIGNATURES" operand to the EXTRACT, PRINT and SPLIT control statements, indicating whether or not the output SMF file(s) produced by these control statements should contain the signature records. The default for all of the control statements is "SIGNATURES(NO)", meaning that the existing EXTRACT, PRINT and SPLIT control statements will produce output the same was as they did before digital signatures. If signatures are needed in the output file, then the SIGNATURES(YES) operand should be coded.
RO85733 - This PTF modifies the SMF logstream dumping programs SMFDLS, SMFDLX1, SMFDLX2, and SMFDLX3 so that logstream dumping will collect the digital signature records from any logstream where they are being recorded. Please note that SMF Director will always collect the signature records and place them into the SMF History files in its archive. This way they will be available for later recall if necessary. Signature collection will be done if SMF Director detects that the logstream is recording signatures. If the SMF dump is being performed from another system using a shared logstream that at release level z/OS 2.2, then the SIGNATURES control statement provided to SMFDLS via the SMFDLSIN DD can be used to tell SMF Director to collect the signatures.
There is a PDC available that documents all of the new control statement operands for SMFD and SMFDLS: RI84834
So, if you have any questions about SMF Digital Signatures, or questions about SMF Director's support of them, or even if you want to share/swap ideas about how you might go about implementing SMF Digital Signatures, please comment below!