The primary tools for auditing consist of SYSTEM/SUMLOG, which is the file containing the records of events and actions on the system; its companion security log file, SYSTEM/SECURITYLOG, which contains security-related records; and utilities designed to examine these logs. The primary utilities for examining the logs are LOGANALYZER and LOGGER.
Except as otherwise noted, references to the SUMLOG apply to both the SUMLOG file and the security log file.
You also have the option of writing your own programs to examine the log.
If you use your own program for security-related auditing, the program
-
Must be protected from unwarranted tampering.
-
Should use appropriate security file attributes and, perhaps, guard files.
-
Should be designed to use the System Data Access support (SDASUPPORT) library, when it is present.
The SDASUPPORT library enforces selective access control to the SUMLOG.
Two exported MCP procedures also provide users with the capability of monitoring system activity.
