When logging a resource access event to CA Compliance Manager, a logstream record is generated with variable length fields. However, when that record is offloaded, those fields are placed in fixed positions, resulting in a record that can reach 6468 bytes. As additional data is added, the record will invariably become even larger.
The event record contains the full permit (if any) associated with the event. This data can occupy a lot of space, up to 2829 bytes.
I would like to suggest that a better solution would be to generate UUIDs on the creation of an accessor ID, on the assignment of a resource ownership, and on the issuance of a permit.
A UUID (1+36 bytes) associated with the accessor ID could be used in place of EVTUSERID (1+8 bytes) and EVTUSERNAME (1+2+256 bytes), resulting in a net savings of to to 231 bytes.
A UUID (1+36) bytes associated with a permit could be used in place of POLKEY (1+2+256), POLRULE (1+2+512), POLLINE (1+2), POLTOD (1+26), POLACIDTYPE (1+1), POLACID (1+8), POLPERMIT (1+2+2048), resulting in a net savings of up to 2829 bytes.
A UUID for up to two (2) resource owners (volume + dataset) would add 74 bytes, and for an additional permit (volume + dataset) would add another 37 bytes.
Overall, the net savings could amount to as much as 2949 bytes per event record.
The display of UUIDs associated with accessor IDs, resource ownerships, and permits could be controlled by a new DATA(...) operand. For example, DATA(UUID).
These UUIDs could be used in the event logs, significantly reducing the size of the event records, and reducing CPU time during event logging.
The UUIDs could be recorded in CIA, where they could then be used to match events against specific accessor IDs, resource ownerships, and permits.
John P. Baker