Mainframe Cybersecurity & Compliance

  • 1.  LOG(SMF)

    Posted Mar 24, 2014 11:15 AM

    Hi all,

    I have got some questions related to the LOG(SMF) option in Top Secret.
    Does anyone use this option to have the benefit of SMF Logger?
    If yes,
    which method (CF, DASD-only)?
    How many LPARs do you have in your environment?
    How do you create reports in a sysplex environment to get violation information using TSSUTIL?

    Thanks & regards,
    Erdem.
     


    #TopSecret


  • 2.  Re: LOG(SMF)

    Posted Jan 15, 2015 06:28 PM

    We're not using LOG(SMF) yet, but one thing SMF logging gives you is the ability to have all security events pass through the SMF exits - including vendor-supplied exits.  These exits can do lots of cool things.  We're currently looking at the "CorreLog" product which will capture events (including security events) using the SMF exits and send them to ARCSITE(*).

     

    Sorry if this is a little off topic.

     

    - Don

     

    (*) ARCSITE, for those who don't know [including me until recently] is a product/server that collects and correlates the logs (they call them the SYSLOG - not to be confused with the zOS SYSLOG) from multiple Open Systems platforms into one place.  Apparently we've been using ARCSITE here for quite some time.


    #TopSecret