IBM Security Guardium S-TAP for IMS on z/OS v11.3 New Command Auditing Feature available!

By Ron Aguirre posted Mon March 28, 2022 02:44 PM

  

New Feature: IMS Command Auditing with the IMS Type-2 AOIE exit and with the IMS Operations Manager Exit

A new IMS Control Region Type-2 AOIE exit, AUIAOE00, is now available to audit IMS Type-1 commands.
Previously, Type-1 commands could be audited only by the S-TAP IMS Agent log reader task, AUILSTC. AUIAOE00, which is a user-specific IMS DFSAOE00 exit, has the following advantages:

  • The USERID of the command issuer is not always available to the IMSLSTC, but it is available to AUIAOE00.
  • The overhead of IMSLSTC reading the IMS logs and RECONS is removed.
  • Audited events are written immediately to the online log stream by AUIAOE00, rather than at a time interval, as is done by IMSLSTC. Therefore, the events appear at the Guardium appliance in real time.
  • Just like AUILSTC, AUIAOE00 audits IMS Type-1 commands DBRECOVERY, DBDUMP, DBD Start/Stop/Lock/Unlock and PSB Start/Stop/Lock/Unlock. Also, like AUILSTC, AUIAOE00 audits IMS startup/shutdown and User logon/logoff. However, AUIAOE00 cannot audit Database Open/Close; AUILSTC must be used to audit those. The product can be configured such that AUILSTC audits only Database Open/Close, leaving the rest to AUIAOE00.

 

New IMS Operations Manager (OM) exit AUIOMECM is now available to audit Type-2 UPDATE commands for DB and PSB resources.  It audits the UPDATE commands’ corresponding Type-1 DBRECOVERY, DBDUMP, START, STOP, LOCK, and UNLOCK commands whenever those commands are issued via IMS single point of control (SPOC). SPOC interfaces include ISPF, a batch job, or REXX.  A SPOC program enables you to manage operations of all IMS systems within an IMSplex instead of using a master terminal for each individual IMS. With a SPOC program and IMS OM, you can issue commands to all members of an IMSplex at once.  Prior to AUIOMECM, S-TAP IMS was not able to audit Type-2 and Type-1 commands entered from a SPOC interface.
