When I change the SUMMARY to SORTLIST and report on the CGINITCT field, I see zeros for all the connected groups, and a actual number for the DFLTGRP.
Would using the live RACF DB via the server make a difference versus a unload?
I will look into opening a case.
Original Message:
Sent: Tue May 14, 2024 05:42 AM
From: Jeroen Tiggelman
Subject: CGINITCT Reporting
That's odd. (I take it that you know that not all CGINITCTs are actually zeroes.)
I do not believe the allocation method of the databases can influence this.
It works for me. So I guess that if you want more diagnostics that probably requires opening a Case and sharing the databases oslt.
------------------------------
Jeroen Tiggelman
IBM - Software Development Manager IBM Security zSecure Suite
Delft
Original Message:
Sent: Fri May 10, 2024 10:33 AM
From: Linnea Sullivan
Subject: CGINITCT Reporting
I had to tweak it a little to run it successfully:
alloc type=racf active primary zsecnode=*
n n=initsum nopage header=column
s s=base c=user mask=rb1*
define cginitsum sum(cginitct)
summary ,
key(8),
dfltgrp(max),
cginitsum,
last_connect_date($date,max)
However the CGINITSUM is all zeros. I do get last connect dates that are accurate.
------------------------------
Linnea Sullivan
Original Message:
Sent: Fri May 10, 2024 04:10 AM
From: Rob van Hoboken
Subject: CGINITCT Reporting
I cannot try this at home but you might be able to sum up the CGINITCT to get an approximation of the number of logons per user like so
n n=initsum nopage header=column
s s=base c=user mask=rb1*
define cginitsum sum(cginitct)
summary ,
key(8),
max(dfltgrp),
cginitsum
This would add up the cginitct values from all the RACF input sources for the user ID. I have added a MAX( ) around dfltgrp, just in case the default group for your user IDs is not 100% consistent. MAX( ) turns this normal field into a statistic, so different values no longer cause a split up of the user ID's summary.
Let us know if this gives you a syntax error, or if it works ;-).
------------------------------
Rob van Hoboken
Original Message:
Sent: Thu May 09, 2024 09:40 AM
From: Linnea Sullivan
Subject: CGINITCT Reporting
So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.
If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes. Best I could do is used MAX to give me the largest count from the nodes.
Correct?
------------------------------
Linnea Sullivan
Original Message:
Sent: Tue May 07, 2024 10:54 AM
From: Rob van Hoboken
Subject: CGINITCT Reporting
Hi Linnea
CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID. Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.
Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in reverse order, and showing only the first entry of the list, like so
n n=logonct required nopage header=column
s s=base c=user mask=rb1*
sortlist ,
key(8),
dfltgrp,
CGINITCT(sort(descending),firstonly),
complex
------------------------------
Rob van Hoboken
------------------------------