IBM Security Z Security

 View Only
  • 1.  zSecure Access Monitor C2PAMMAP Processing

    Posted Wed June 03, 2020 07:55 AM
    Edited by Adam Klinger Wed June 03, 2020 07:59 AM
    Greetings, I've been using a customized C2PAMMAP on the daily access monitor files with good results.

    I'm looking to expand this to the monthly consolidation process with the though of having C2PAMMAP execute on the "rolling 12 month" dataset when populated instead of having to run C2PAMMAP manually on our monthly and yearly datasets each time I update it with new criteria as that's a bit cumbersome.

    Any thoughts on this approach, and the best place to possibly slide this processing into with maybe some rough examples of easily doing so?

    The sample "C2PJCONM" consolidation job executes sample REXX "C2PECDTE" so that's one place I suppose this can be customized to execute "C2PAMMAP", or the sample CARLa "C2PAMCON", or just a stand-alone job step.

    ------------------------------
    Adam Klinger
    ------------------------------


  • 2.  RE: zSecure Access Monitor C2PAMMAP Processing

    Posted Wed June 03, 2020 08:35 AM
    Edited by Tom Zeehandelaar Wed June 03, 2020 08:36 AM
    Hi Adam,

    did you happen to also checkout the zSecure Wiki on IBM Knowlegde Center.
    This Wiki contains a topic that is named "Consolidation of access monitor data", in section "CARLa sample programs" of the "Sample applications" .
    For your convenience, here's a link to that Wiki:

    https://www.ibm.com/support/knowledgecenter/SS2RWS_2.4.0/com.ibm.zsecure.doc_2.4.0/landing/zSecure_wiki.html

    Hope this helps.

    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    Delft
    +31643351728
    ------------------------------



  • 3.  RE: zSecure Access Monitor C2PAMMAP Processing

    Posted Wed June 03, 2020 08:52 AM
    Yes, I did take a look at that which is why I got as far as I did!

    My question is more directly related to the "Apply data reduction to historical data" section which specifies "If you wish to apply data reduction to old consolidated files, you have to read those with a consolidation job like so:" with an example which works well enough.

    However I'm thinking there's a way to add this processing into either in CARLa "C2PAMCON" or REXX "C2PECDTE" to streamline this a bit more

    ------------------------------
    Adam Klinger
    ------------------------------



  • 4.  RE: zSecure Access Monitor C2PAMMAP Processing

    IBM Champion
    Posted Wed June 03, 2020 12:48 PM
    Edited by Rob van Hoboken Fri June 05, 2020 05:57 AM
    C2PAMCON is the lightning fast consolidation, using merge sort principles.  It does not allow modification of the key values, so C2PAMMAP is not included.
    You will have to use a job that calls C2PAMCMP to apply conversion rules from C2PAMMAP, filtering rules using C2PAMJOB, C2PAMPCL and C2PAMRCL, and finally consolidation.
    The (automatic) daily consolidation uses a 3rd variant, C2PAMCVT, as configured in the C2PAMP parm member.  This C2PAMCVT code intentionally does not apply conversions and filters, because those have already been applied in the data collection phase, C2PAMCOL.
    As I wrote several years ago in the Wiki pages that Tom pointed out, and copied into the User Reference Manual in section Consolidating data collected by Access Monitor, I prefer to have full control over my data set naming, space allocation, etc. using JCL, so I will always use explicit CARLa code along with C2PJCOND.  I would have my job scheduling system generate the dsnames for "last month" or use the Command Generator program available in the zSecure Wiki.
    Lastly, I have seen good value maintaining a year to day consolidation for the current year.  This seems to be easier for the analysts, rather that continuously switching between daily and monthly data sets.

    ------------------------------
    Rob van Hoboken
    ------------------------------