Log Entry Classes lists several security-relevant items that can be logged by the system. The list is organized by major and minor types.
On systems where security is an important concern, log at least all the items listed in Log Entry Classes, with one exception: If the minor types under major type 14 are logged, it is not necessary to log the minor types under major type 3.
Table 45. Log Entry Classes
|
Major Type |
Minor Type |
Item Logged |
|---|---|---|
|
1 |
JOB RECORD |
|
|
1 |
Beginning-of-job (BOJ) record |
|
|
2 |
End-of-job (EOJ) record |
|
|
3 |
Beginning-of-task (BOT) record |
|
|
4 |
End-of-task (EOT) record |
|
|
5 |
File-open record |
|
|
6 |
File-close record |
|
|
9 |
Usercode validation (LOGVALIDATE) |
|
|
15 |
Library link |
|
|
16 |
Library delink |
|
|
19 |
Database open |
|
|
20 |
Database close |
|
|
25 |
File statistics record |
|
|
30 |
Database Security Error |
|
|
35 |
Database Access |
|
|
2 |
MAINTENANCE RECORD |
|
|
17 |
Hardware Configuration |
|
|
18 |
Software Configuration |
|
|
3 |
STRING RECORD |
|
|
1 |
RSVP message |
|
|
4 |
SYSTEM message |
|
|
7 |
DISPLAY message |
|
|
9 |
UNIT RSVP message |
|
|
10 |
Special RSVP message |
|
|
4 |
MCS RECORD |
|
|
1 |
Session log-on record |
|
|
2 |
Session log-off record |
|
|
4 |
MCS message record |
|
|
6 |
MCS security violation entry |
|
|
7 |
MCS station application |
|
|
10 |
Direct window open/close |
|
|
13 |
Session log-on with authentication data |
|
|
6 |
MISCELLANEOUS RECORD |
|
|
1 |
Halt/load record |
|
|
3 |
SETSTATUS record |
|
|
4 |
Security violation |
|
|
7 |
Controller command |
|
|
8 |
Print subsystem command |
|
|
9 |
USERDATA change |
|
|
11 |
New USERDATA install |
|
|
12 |
Primitive command |
|
|
14 |
MLS MESSAGE ENTRY |
|
|
1 |
RSVP message entry |
|
|
4 |
INFO message entry |
|
|
7 |
DISPLAY message entry |
|
|
9 |
Unit RSVP message entry |
|
|
10 |
Special RSVP message entry |
|
|
16 |
FILE STATUS RECORD |
|
|
2 |
File creation |
|
|
3 |
File removal |
|
|
4 |
File title change |
|
|
5 |
File security attribute |
|
|
17 |
DATA COMM CONFIGURATION RECORD |
|
|
1 |
Data comm IDC change |
|
|
3 |
New data comm install |
|
|
18 |
COMS CONFIGURATION RECORD |
|
|
11 |
Usercode change |
|
|
13 |
Load file |
|
|
20 |
SYSTEM SECURITY RECORD |
|
|
1 |
Key Management |
|
|
2 |
Security Center Error |
|
|
3 |
Key Manager Library |
|
|
4 |
Client Access Services |
|
|
27 |
TCP/IP RECORD |
|
|
11 |
Security |
|
|
15 |
SSL |
|
|
20 |
IPsec |
|
|
24 |
SSH |
|
|
38 |
SSH |
|
|
1 |
Inbound Connection Open |
|
|
2 |
Inbound Connection Close |
|
|
3 |
Inbound Channel Open |
|
|
4 |
Inbound Channel Request |
|
|
5 |
Inbound Channel Close |
|
|
11 |
Outbound Connection Open |
|
|
12 |
Outbound Connection Close |
|
|
13 |
Outbound Channel Open |
|
|
14 |
Outbound Channel Request |
|
|
15 |
Outbound Channel Close |
|
|
40 |
MULTI-FACTOR AUTHENTICATION RECORD |
|
|
1 |
Authentication |
-
Log entries can be written to the SUMLOG or security log file (which record activity for all jobs), the job log file (which records the activity of an individual job), both places, or none of these logs. Default logging actions are established by the MCP and can be changed by the user.
-
Use the LOGGING command to display or change the destinations of particular log entry types. Refer to the System Commands Reference for details and options.
-
Refer to the System Log Programming Reference Manual for information on log entry types and to see the default action for each logging type and subtype.
