
Audit Capabilities

Posted: Tue Jan 11, 2011 5:18 am
by greenja9
Would this be an accurate statement:

The CA Top Secret application and maintained syslog file are the automated processes to capture events.

If not, what are the names of the files that are created by the CA application, i.e. the unix equivalent...

Thanks,
greenja9

Re: Audit Capabilities

Posted: Tue Jan 11, 2011 5:55 am
by Robert Sample
Top Secret, like RACF and ACF2, is a security package that manages access to system resources. It may issue messages to the console log, but I'm not 100% sure what you mean by "managed syslog file". Depending upon what you mean by "event", either Top Secret or SMF (or both) will capture the "event" -- security access violations will be flagged by Top Secret, but in general system activity is logged by the SMF subsystem (including the security access violations). And where does Unix System Services come into this as your last sentence indicates? Which CA application is creating files? And, generally, part of the CA installation process is to customize data set names so only someone who works AT YOUR SITE (such as your site security group) could possibly tell you what names are used for these data sets.

Re: Audit Capabilities

Posted: Tue Jan 11, 2011 9:28 am
by dick scherrer
Hi Robert,

"And where does Unix System Services come into this as your last sentence indicates?"
I suspect this is a reference to "real" unix instead of the mainframe system services. . .

If my memory is still with me, i recall HP-UX (Hewlett-Packard Unix) logged login attempts/failures and placed a bit of tcp/ip info in the logged entry. Our systems also ran several "packet sniffers" to look for people trying to "sneak in". Due to the nature of the systems, we checked these logs rather regularly.

"Would this be an accurate statement:

The CA Top Secret application and maintained syslog file are the automated processes to capture events."
I'd vote that this is not an accurate statement - largely because the question is quite confusing. As far as i know TSS is NOT an automated process to "capture events" - it is to restrict/grant access to "things".

I've used console log (also called the system log many places) but i'm not familiar with the term "maintained syslog file".

Maybe we'll get some clarification. . .