Using System Management Facilities (SMF) for audit logging

If you intend to use SMF for audit logging, you must do the following:

  1. Each Z Data Tools component has a customization module:
    For Z Data Tools Base component
    For ZDT/IMS
    For ZDT/Db2
    For ZDT/CICS

    All the customization modules include an HFM0POPI macro specification, which is described in Z Data Tools options. The SMF record number is specified using the SMFNO parameter of the HFM0POPI macro. See SMFNO. You should specify the SMF record number in the HFMxPOPT member when you are using HFMxPOPT controlled auditing, or SAF-controlled auditing without the use of a member in SYS1.PARMLIB.

  2. Auditing for each Z Data Tools component can be controlled using a member in SYS1.PARMLIB, or other library in the logical PARMLIB concatenation. The member names for each component are:

    HFM0PARM  For Z Data Tools Base component
    HFM2PARM  For ZDT/Db2

    Specify the SMF record number in the HFMxPARM member when you are using SAF-controlled auditing and a member in SYS1.PARMLIB.

To activate any changes you have made to SYS1.PARMLIB members, either restart your system, or use the appropriate commands for your site to dynamically activate the changes.

For more information about SMF, see z/OS MVS System Management Facilities (SMF).

To report on the audit trail information collected by SMF, you must extract this information from SMF to your own data set. The information in this data set can then be printed by the Z Data Tools Print Audit Trail utility. To do this select the "Audit trail" option from the Utilities menu.

A sample job, HFMSMFX, is provided in HFM.SHFMSAM1 to help you extract the SMF data to your own data set. See the comments in the job for information about changes you need to make to the job. The sample job can be used to extract audit log records for all Z Data Tools components (Base, ZDT/Db2, ZDT/IMS, and ZDT/CICS). The logon ID used to run the sample job must have read access to the SYS1.MANx data sets to run successfully.