Ongoing Administration and Monitoring
The AUDIT log
When an AUDIT DD statement is present in the Mainframe Connector startup procedure, additional information related to password change requests is generated. The audit log is useful for monitoring the results of all password change requests sent to a Bravura Pass server.
The AUDIT DD can specify either a target dataset or a JES SYSOUT dataset. An AUDIT dataset must be sequential, with a record length of 133 characters.
When this dataset is filled, the following message is displayed on the operator console and the Mainframe Connector AUDIT feature is disabled.
PSYNC551I -- AUDIT DATASET IS FULL. LOGGING HAS BEEN DISABLED.
Allocating a larger dataset for a subsequent startup of Mainframe Connector is one method of capturing data for a longer period. Another method is to regularly copy the log to a backup and clear the log, thus keeping a history of log data over time.
You can disable the AUDIT feature by removing the DD statement entirely or by specifying a DD DUMMY statement in the startup procedure.
The example below shows a sample of the type of data written to the audit log.
2000 050 13:21:42.19 MTCJDL1 UPDATEOK
2000 050 13:40:29.10 MTCRDR1 TIMEOUT
2000 050 14:22:10.45 MTCSKG1 UPDATEFAIL
2000 050 15:45:20.32 MTCJDL1 CONNECTFAIL
2000 050 17:12:36.56 MTCRDR2 UNKNOWN
The fields in the Mainframe Connector audit log are described below:
Date
The Julian date of the password change request.
Time
The time of the password change request.
Userid
The userid of the user for whom the password change request is being made.
Result
The condition which resulted from a password change request. Possible values and their descriptions follow:
UPDATEOK indicates that the request went to and returned from the Bravura Pass server and that the password was deemed acceptable. The local password will be reset.
UPDATEFAIL indicates that the request went to and returned from the Bravura Pass server and that the password was deemed unacceptable. The local password will NOT be reset.
TIMEOUT indicates that the request reached the configurable timeout value before a response was received from the Bravura Pass server. The local password reset event continues.
TIMEOUT1 indicates that the request timed out waiting for the Mainframe Connector subsystem to respond to the subsystem interface request. The local password reset event continues.
TIMEOUT2 indicates that the request reached the configurable timeout value while waiting in the subsystem interface request module for a response from the Bravura Pass server. The local password reset event continues.
CONNECTFAIL indicates that a network connection error condition occurred during the request. The local password reset event continues.
UNKNOWN indicates an unknown error condition. The local password reset event continues.
BYPASS indicates that the LISTCHECK parameter value is set to either INOUT or OUTBOUNDONLY and the userid for which the current password change request is being made has been rejected by the current INLIST or EXLIST list. The local password reset event continues.
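The result codes above split into those where the Bravura Pass server returned a verdict and those where the local password reset continues anyway, which is the group worth watching when reviewing the audit log. The following Python sketch is an added example, not part of the product or its documentation; it assumes records are whitespace-separated as in the sample and that the date is a four-digit year followed by the day of the year, and the last two sample records are constructed.

```python
from collections import Counter
from datetime import datetime

# Result codes as listed on the page, grouped by outcome for the local password.
RESULT_CLASS = {"UPDATEOK": "accepted",    # server deemed the password acceptable
                "UPDATEFAIL": "rejected"}  # deemed unacceptable; no local reset
# Local reset continues although no acceptance from the server is recorded.
RESULT_CLASS.update(dict.fromkeys(
    ("TIMEOUT", "TIMEOUT1", "TIMEOUT2", "CONNECTFAIL", "UNKNOWN", "BYPASS"),
    "continued"))

# First five records are the page's sample; the last two are constructed.
SAMPLE = """\
2000 050 13:21:42.19 MTCJDL1 UPDATEOK
2000 050 13:40:29.10 MTCRDR1 TIMEOUT
2000 050 14:22:10.45 MTCSKG1 UPDATEFAIL
2000 050 15:45:20.32 MTCJDL1 CONNECTFAIL
2000 050 17:12:36.56 MTCRDR2 UNKNOWN
2000 050 17:30:01.07 MTCRDR1 BYPASS
2000 050 garbled record
"""

def parse_record(line):
    """Split one record into timestamp, userid and result (assumed layout)."""
    fields = line.split()  # also drops the padding of a fixed-length record
    if len(fields) != 5:
        raise ValueError("expected 5 fields, got %d" % len(fields))
    year, day, clock, userid, result = fields
    # Assumption: the date is a four-digit year followed by the day of the year.
    stamp = datetime.strptime(f"{year} {day} {clock}", "%Y %j %H:%M:%S.%f")
    return stamp, userid, result

def summarize(text):
    """Return (counts per class, continued events per userid, bad line numbers)."""
    counts, per_user, bad = Counter(), Counter(), []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            _stamp, userid, result = parse_record(line)
        except ValueError:
            bad.append(number)  # keep unparseable records visible to the reviewer
            continue
        kind = RESULT_CLASS.get(result, "unrecognized")
        counts[kind] += 1
        if kind == "continued":
            per_user[userid] += 1
    return counts, per_user, bad
```

Calling `summarize(SAMPLE)` returns the per-class counts, a per-userid tally of requests whose local reset continued without an acceptance, and the line numbers that could not be parsed.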
The SYNCHLOG log
When a SYNCHLOG DD statement is present in the Mainframe Connector startup procedure, additional information related to inbound requests is generated. The synchlog log is useful for monitoring the results of all inbound requests that have been sent from a Bravura Pass server.
The SYNCHLOG DD can specify either a target dataset or a JES SYSOUT dataset. A SYNCHLOG dataset must be sequential, with a record length of 133 characters.
When this dataset is filled, the following message is displayed on the operator console and the Mainframe Connector SYNCHLOG feature is disabled.
PSYNC553I - SYNCHLOG DATASET IS FULL. LOGGING HAS BEEN DISABLED.
Allocating a larger dataset for a subsequent startup of Mainframe Connector is one method of capturing data for a longer period. Another method is to regularly copy the log to a backup and clear the log, thus keeping a history of log data over time.
You can disable the SYNCHLOG feature by removing the DD statement entirely or by specifying a DD DUMMY statement in the startup procedure.
Mainframe Connector SMF records
If you specify an SMFREC parameter in the PARMLIB dataset for Mainframe Connector startup, Mainframe Connector will capture z/OS SMF records for Mainframe Connector events. The following are the Mainframe Connector events that will be captured for SMF recording:
Locally initiated password change successful
Locally initiated password change rejected by the Bravura Pass server
Locally initiated password change timed out waiting for a response from the Bravura Pass server. The password change is allowed to continue.
Locally initiated password change experienced a network connection failure. The password change is allowed to continue.
Locally initiated password change experienced an unknown failure. The password change is allowed to continue.
A Bravura Pass server initiated password VERIFY is successful
A Bravura Pass server initiated password CHANGE is successful
A Bravura Pass server initiated password RESET is successful
A Bravura Security Fabric server initiated USERPOLL is successful
A Bravura Pass server initiated RESETEXPIRE is successful
A Bravura Security Fabric server initiated EXPIRE is successful
A Bravura Security Fabric server initiated ENABLE is successful
A Bravura Security Fabric server initiated DISABLE is successful
A Bravura Security Fabric server initiated revoke status check occurred
A Bravura Identity server initiated userid CREATE is successful
A Bravura Identity server initiated userid DELETE is successful
A Bravura Identity server initiated LISTGROUP is successful
A Bravura Identity server initiated LISTMEMBERS is successful
A Bravura Identity server initiated userid group add is successful
A Bravura Identity server initiated userid group delete is successful
A Bravura Identity server initiated userid attribute update is successful
A Bravura Identity server initiated userid attribute extract is successful
A Bravura Pass server initiated password phrase RESET is successful
A Bravura Pass server initiated password phrase RESETEXPIRE is successful
A Bravura Identity server initiated resource userid/groupid access update is successful
See SMF Record Mapping for details regarding the SMF record mapping for Mainframe Connector SMF records.