We have a requirement to produce a list of RACF changes on a daily basis. So we are using SMF data and Command Logger data to accomplish that task. The only reason for the command logger data is that our administrators are supposedly entering in ticket and description information.
Since our environment has a number of LPARs, we capture all the RACF changes from all the LPARs and merge them into one report. With SMF I can look at CMCSRC and exclude commands that were executed due to RRSF propagation. However my change file still has lots of duplicate records due to Command Logger. Is there a field on the command logger record that tells me that command was not entered locally, but was processed on that LPAR due to RRSF propagation?
See I need to collect the data from every system, because of the chance an administrator issued a command with ONLYAT. When I goto zsecure IN.D I do not think I see data in the record that indicates the command was propagated from another system.
Is there a way to determine if the command was issued locally or was propagated?
------------------------------
Linnea Sullivan
------------------------------