Log Types: ObjectAccess

Overview

ACF2 (Access Control Facility) is an access control security system for MVS, z/OS, VSE, z/VSE, VM and z/VM IBM mainframe operating systems. The Object Access log provides information roughly equivalent to “File Access” events on other operating systems.

Collection

Snare Central can collect processed ACF2 reports via FTP transfer. The processed reports need to be transferred to a particular directory on the Snare Central server (/data/SnareCollect/ACF2Log). The reports are then analysed and processed daily by a scheduled Snare Central process.

Sample Events

# ACCESS DSNAME('CSC.SNARE.CNTL')
# ACCESS Subcommand Results For: CSC.SNARE.CNTL
# Key: CSC
# Ruleline: SNARE.CNTL UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)
# Lids: ZSWCFS ZSWCRSL ZSWCVS
# Ruleline: SNARE**.- UID(SC SCHDPSCFSCHD) READ(A) WRITE(A) ALLOC(A) EXEC(A) DATA(SNARE FTP JOB)
# Lids: PSCFSCHD

Fields

| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | ObjectAccess |
| OBJECT | The object accessed |
| OWNER | The owner of the object |
| OWNERTYPE | The type of the owner |
| ACCESS | The access requested in RuleLine (e.g. UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)) |
| CAPABILITIES | Any capabilities specified in the Ruleline (e.g. SNARE.CNTL) |
| SOURCE | ACF2Access |
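
An added example (not Snare Central's own parser) that splits the sample report above into the documented CAPABILITIES and ACCESS fields and flags rule lines that permit WRITE or ALLOC. Taking OBJECT from the DSNAME line is an assumption, PERMS and LIDS are helper keys rather than Snare fields, and the A/L/P meanings (allow, allow and log, prevent) come from ACF2 rule syntax.

```python
import re

# The report from "Sample Events" above, embedded so the block runs offline.
SAMPLE = """\
# ACCESS DSNAME('CSC.SNARE.CNTL')
# ACCESS Subcommand Results For: CSC.SNARE.CNTL
# Key: CSC
# Ruleline: SNARE.CNTL UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)
# Lids: ZSWCFS ZSWCRSL ZSWCVS
# Ruleline: SNARE**.- UID(SC SCHDPSCFSCHD) READ(A) WRITE(A) ALLOC(A) EXEC(A) DATA(SNARE FTP JOB)
# Lids: PSCFSCHD
"""

PERM = re.compile(r"\b(READ|WRITE|ALLOC|EXEC)\(([ALP])\)")
MEANING = {"A": "allow", "L": "allow+log", "P": "prevent"}


def parse_access_report(text):
    """Return one dict per Ruleline, keyed by the field names documented above."""
    obj, events = None, []
    for raw in text.splitlines():
        line = raw.lstrip("# ").strip()
        m = re.match(r"ACCESS DSNAME\('([^']+)'\)", line)
        if m:
            obj = m.group(1)  # assumption: the DSNAME is the OBJECT
        elif line.startswith("Ruleline:"):
            # First token is the dataset pattern, the rest is the access string.
            pattern, _, access = line[len("Ruleline:"):].strip().partition(" ")
            events.append({
                "TABLE": "ObjectAccess", "SOURCE": "ACF2Access",
                "OBJECT": obj, "CAPABILITIES": pattern, "ACCESS": access,
                "PERMS": {k: MEANING[v] for k, v in PERM.findall(access)},
                "LIDS": [],
            })
        elif line.startswith("Lids:") and events:
            # Logon IDs listed under a rule line belong to that rule line.
            events[-1]["LIDS"] = line[len("Lids:"):].split()
    return events


def grants_modify(event):
    """True when the rule line permits WRITE or ALLOC (unspecified means prevent)."""
    return any(event["PERMS"].get(p, "prevent") != "prevent" for p in ("WRITE", "ALLOC"))
```
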

Notes

-