Log Types: ObjectAccess
Overview
ACF2 (Access Control Facility) is an access control security system for MVS, z/OS, VSE, z/VSE, VM and z/VM IBM mainframe operating systems. The Object Access log provides information roughly equivalent to “File Access” events on other operating systems.
Collection
Snare Central can collect processed ACF2 reports via FTP transfer. The processed reports need to be transferred to a particular directory on the Snare Central server (/data/SnareCollect/ACF2Log). The reports are then analysed and processed daily by a scheduled Snare Central process.
Sample Events
# ACCESS DSNAME('CSC.SNARE.CNTL')
# ACCESS Subcommand Results For: CSC.SNARE.CNTL
# Key: CSC
# Ruleline: SNARE.CNTL UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)
# Lids: ZSWCFS ZSWCRSL ZSWCVS
# Ruleline: SNARE**.- UID(SC SCHDPSCFSCHD) READ(A) WRITE(A) ALLOC(A) EXEC(A) DATA(SNARE FTP JOB)
# Lids: PSCFSCHD
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | ObjectAccess |
OBJECT | The object accessed |
OWNER | The owner of the object |
OWNERTYPE | The type of the owner |
ACCESS | The access requested in the Ruleline (e.g. UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)) |
CAPABILITIES | Any capabilities specified in the Ruleline (e.g. SNARE.CNTL) |
SOURCE | ACF2Access |
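The following parser is an added example, not Snare Central's own code. It splits the sample ACCESS report above into one record per Ruleline, using the OBJECT, ACCESS and CAPABILITIES split shown in the Fields table, and then lists the rule entries that permit modification. The KEY, PERMS and LIDS keys and both function names are assumptions made for illustration; DATE, TIME, SYSTEM, OWNER and OWNERTYPE are left out because the sample report does not show where they come from.

```python
import re

# Copied from the page's "Sample Events" section, including the leading "# ".
SAMPLE = """\
# ACCESS DSNAME('CSC.SNARE.CNTL')
# ACCESS Subcommand Results For: CSC.SNARE.CNTL
# Key: CSC
# Ruleline: SNARE.CNTL UID(SYO A*AAZSWC) UNTIL(01/10/04) READ(A) EXEC(A)
# Lids: ZSWCFS ZSWCRSL ZSWCVS
# Ruleline: SNARE**.- UID(SC SCHDPSCFSCHD) READ(A) WRITE(A) ALLOC(A) EXEC(A) DATA(SNARE FTP JOB)
# Lids: PSCFSCHD
"""

# READ/WRITE/ALLOC/EXEC each carry a one-letter setting, e.g. READ(A).
PERM = re.compile(r"\b(READ|WRITE|ALLOC|EXEC)\((\w)\)")


def parse_access_report(text):
    """Return one dict per Ruleline; KEY, PERMS and LIDS are illustrative extras."""
    obj, key, events = None, None, []
    for raw in text.splitlines():
        line = raw.lstrip("# ").strip()
        if line.startswith("ACCESS Subcommand Results For:"):
            obj = line.split(":", 1)[1].strip()
        elif line.startswith("Key:"):
            key = line.split(":", 1)[1].strip()
        elif line.startswith("Ruleline:"):
            # First token is the dataset pattern, the rest is the access string.
            pattern, _, access = line.split(":", 1)[1].strip().partition(" ")
            events.append({
                "TABLE": "ObjectAccess", "SOURCE": "ACF2Access",
                "OBJECT": obj, "KEY": key,
                "CAPABILITIES": pattern, "ACCESS": access,
                "PERMS": dict(PERM.findall(access)), "LIDS": [],
            })
        elif line.startswith("Lids:") and events:
            # The Lids line lists the logon IDs matched by the preceding Ruleline.
            events[-1]["LIDS"] = line.split(":", 1)[1].split()
    return events


def can_modify(events):
    """Rule entries whose WRITE or ALLOC is A (allow) or L (allow and log)."""
    return [e for e in events
            if {e["PERMS"].get("WRITE"), e["PERMS"].get("ALLOC")} & {"A", "L"}]
```

On the sample report, `can_modify(parse_access_report(SAMPLE))` returns only the `SNARE**.-` rule, whose single matching logon ID is `PSCFSCHD`.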