C2PAMCON is the lightning fast consolidation, using
merge sort principles. It does not allow modification of the key values, so C2PAMMAP is not included.
You will have to use a job that calls C2PAMCMP to apply conversion rules from C2PAMMAP, filtering rules using C2PAMJOB, C2PAMPCL and C2PAMRCL, and finally consolidation.
The (automatic) daily consolidation uses a 3rd variant, C2PAMCVT, as configured in the C2PAMP parm member. This C2PAMCVT code intentionally does not apply conversions and filters, because those have already been applied in the data collection phase, C2PAMCOL.
As I wrote several years ago in the Wiki pages that Tom pointed out, and copied into the User Reference Manual in section
Consolidating data collected by Access Monitor, I prefer to have full control over my data set naming, space allocation, etc. using JCL, so I will always use explicit CARLa code along with C2PJCOND. I would have my job scheduling system generate the dsnames for "last month" or use the Command Generator program available in the zSecure Wiki.
Lastly, I have seen good value maintaining a
year to day consolidation for the current year. This seems to be easier for the
analysts, rather that continuously switching between daily and monthly data sets.
------------------------------
Rob van Hoboken
------------------------------
Original Message:
Sent: Wed June 03, 2020 08:52 AM
From: Adam Klinger
Subject: zSecure Access Monitor C2PAMMAP Processing
Yes, I did take a look at that which is why I got as far as I did!
My question is more directly related to the "Apply data reduction to historical data" section which specifies "If you wish to apply data reduction to old consolidated files, you have to read those with a consolidation job like so:" with an example which works well enough.
However I'm thinking there's a way to add this processing into either in CARLa "C2PAMCON" or REXX "C2PECDTE" to streamline this a bit more
------------------------------
Adam Klinger
Original Message:
Sent: Wed June 03, 2020 08:35 AM
From: Tom Zeehandelaar
Subject: zSecure Access Monitor C2PAMMAP Processing
Hi Adam,
did you happen to also checkout the zSecure Wiki on IBM Knowlegde Center.
This Wiki contains a topic that is named "Consolidation of access monitor data", in section "CARLa sample programs" of the "Sample applications" .
For your convenience, here's a link to that Wiki:
https://www.ibm.com/support/knowledgecenter/SS2RWS_2.4.0/com.ibm.zsecure.doc_2.4.0/landing/zSecure_wiki.html
Hope this helps.
------------------------------
Tom Zeehandelaar
z/OS Security Enablement Specialist - zSecure developer
IBM
Delft
+31643351728
Original Message:
Sent: Wed June 03, 2020 07:55 AM
From: Adam Klinger
Subject: zSecure Access Monitor C2PAMMAP Processing
Greetings, I've been using a customized C2PAMMAP on the daily access monitor files with good results.
I'm looking to expand this to the monthly consolidation process with the though of having C2PAMMAP execute on the "rolling 12 month" dataset when populated instead of having to run C2PAMMAP manually on our monthly and yearly datasets each time I update it with new criteria as that's a bit cumbersome.
Any thoughts on this approach, and the best place to possibly slide this processing into with maybe some rough examples of easily doing so?
The sample "C2PJCONM" consolidation job executes sample REXX "C2PECDTE" so that's one place I suppose this can be customized to execute "C2PAMMAP", or the sample CARLa "C2PAMCON", or just a stand-alone job step.
------------------------------
Adam Klinger
------------------------------