CVTAUDLOG3 -- Convert Audit Log 3 - Continuous Conversion

CVTAUDLOG3 CONVERT AUDIT LOG 3 TAASEDW
The Convert Audit Log 3 command is designed to convert the Audit Log entries as they are written to the Audit journal in a continuous operation. The command should be submitted to batch, but remains active and acts like an interactive job. A delay time parameter exists to provide for a periodic wakeup of the function. CVTAUDLOG3 is an alternate conversion method instead of the CVTAUDLOG command which is part of the AUDLOG tool. An option exists to send a message immediately to a specified message queue based on the Journal Code/Type/SubType that has occurred. See the later section on 'Immediate Message'. The AUDLOG tool must be used to create the required files (CRTAUDLOG command). The user of CVTAUDLOG3 must be authorized to the TAAAUDLOG authorization list. A typical use of CVTAUDLOG3 would be to submit the command to the QINTER job queue (the job acts as an interactive job). SBMJOB JOB(CVTAUDLOG) CMD(CVTAUDLOG3 AUDLOGLIB(xxx)) JOBQ(QINTER) The CVTAUDLOG3 command begins by using CVTAUDLOG which is a batch like function to catch up with any entries that exist in the journal. No messages will be sent for any entries that exist at that time. CVTAUDLOG3 then uses the TAA Tool MTNJRN to change to a new journal receiver. RCVJRNE is then used with an exit program to convert the journal entry and write it to the AUDLOGP file. The default delay time on CVTAUDLOG3 is 27 seconds. This means that the command wakes up every 27 seconds and converts any new entries. Therefore, the DSPAUDLOG command (part of the AUDLOG tool) may not find any audit entries that have occurred in the last 27 seconds. You may set a smaller or larger delay time. Ending the Submitted Job ------------------------ You may end the job by entering ENDJOB for the job and specifying a delay time that is greater than the DLYTIM specified on CVTAUDLOG3. This should cause the job to end normally. Working in Conjunction with CVTAUDLOG ------------------------------------- You may use both CVTAUDLOG and CVTAUDLOG3 to convert journal entries, but not at the same time. The commands allocate the AUDLOGP file to SHRNUP. This prevents a potential conflict between the two functions (CVTAUDLOG2 which allows conversion of journal entries from other systems uses the default SHRUPD lock, but cannot be run when either CVTAUDLOG or CVTAUDLOG3 is in use). Changing receivers while CVTAUDLOG3 is active --------------------------------------------- If the receiver is changed while CVTAUDLOG3 is active, no entries will be lost. You may delete a receiver that is not active while CVTAUDLOG3. Need to shutdown the CVTAUDLOG3 command --------------------------------------- The CVTAUDLOG3 cannot be used on a continuous basis. You will need to shut down the function for the following typical situations: Backup of the AUDLOGP file - the file cannot be saved if it is open for update unless save while active is specified. MTNAUDLOG usage - when you maintain the AUDLOGP file to remove old entries. CVTAUDLOG2 usage - for converting entries from other systems. This is an optional function and may not be required. Immediate Message ----------------- You may send a message to a specified message queue based on the 4 character JournalCode/EntryType/SubType that has been sent to the QAUDJRN journal. The message will occur when the data base record is written. The following steps are needed to achieve this: Use EDTAPPVAL APPVAL(TAASECURE/CVTAUDLOG3) and enter a message queue name and library that will receive the messages. Use EDTCONARR DTAARA(TAASECURE/CVTAUDLOG3) and enter the 4 character code into the subfile display. The 4 character code can be seen on the DSPAUDLOG display using the columns 'Cde', 'Ent', and 'Sub'. For example, if Cde=T, Ent=AF, and Sub=A, enter a 4 character code as TAFA. The entries must be in upper case such as: TAFA TAFK The message queue you specify should be in BREAK mode. The message will contain the 4 characters, the user, and the sequence number from the journal entry. When the CVTAUDLOG3 program begins, it creates an array of the entries you have specified. When an entry occurs, an array lookup occurs to see if a message should be sent. If you add an entry, you must end the CVTAUDLOG3 function and restart it. Performance ----------- The overall impact on the system for CVTAUDLOG3 is more than CVTAUDLOG. You may improve the performance of CVTAUDLOG3 by using a larger DLYTIM value. A good method of determining the impact of performance is to use the JOBACG tool. Use CVTAUDLOG3 for awhile, end the job, start it again and then look at the performance information of the job using DSPACGRCD. If you feel the amount of CPU time is excessive for your system, you should consider CVTAUDLOG instead. Security -------- The user of the CVTAUDLOG3 command must be authorized to the TAAAUDLOG authorization list. This authorization list is provided by the AUDLOG tool and is also required for CVTAUDLOG and CVTAUDLOG2. Command parameters CMD ------------------ AUDLOGLIB The name of the library where the Audit Log files exist. The default is LIBL. CURLIB may also be used. DLYTIM The number of seconds to delay when there are no more entries to convert. The default is 27 seconds. Restrictions ------------ None. Prerequisites ------------- The following TAA Tools must be on your system: AUDLOG Audit log EDTVAR Edit variable HLRMVMSG HLL Remove message RTVAPPVAL Retrieve application value RTVSYSVAL3 Retrieve system value 3 SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. You must have used the AUDLOG tool to create the required files. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CVTAUDLOG3 CMD TAASEDW QATTCMD TAASEDWC PGM CLP TAASEDWC QATTCL TAASEDWC2 PGM CLP TAASEDWC2 QATTCL TAASEDWR PGM RPGLE TAASEDWR QATTRPG The CVTAUDLOG3 data area and the CVTAUDLOG3 Application Value (*USRSPC) exist in TAASECURE.

CVTAUDLOG3      CONVERT AUDIT LOG 3                   TAASEDW


The Convert Audit  Log 3 command is  designed to convert the  Audit Log
entries  as they  are  written to  the  Audit journal  in  a continuous
operation.    The command  should be  submitted  to batch,  but remains
active and  acts  like an  interactive  job.   A delay  time  parameter
exists to  provide for a periodic  wakeup of the  function.  CVTAUDLOG3
is  an alternate  conversion  method instead  of the  CVTAUDLOG command
which is part of the AUDLOG tool.

An option exists to send  a message immediately to a specified  message
queue based  on the Journal Code/Type/SubType  that has occurred.   See
the later section on 'Immediate Message'.

The  AUDLOG tool must be  used to create the  required files (CRTAUDLOG
command).

The  user  of   CVTAUDLOG3  must   be  authorized   to  the   TAAAUDLOG
authorization list.

A typical  use of  CVTAUDLOG3 would  be to  submit the  command to  the
QINTER job queue (the job acts as an interactive job).

             SBMJOB   JOB(CVTAUDLOG) CMD(CVTAUDLOG3 AUDLOGLIB(xxx))
                        JOBQ(QINTER)

The  CVTAUDLOG3 command  begins  by using  CVTAUDLOG which  is  a batch
like  function to catch up with any  entries that exist in the journal.
No messages will be sent for any entries that exist at that time.

CVTAUDLOG3 then uses  the TAA Tool  MTNJRN to change  to a new  journal
receiver.

RCVJRNE  is then  used  with an  exit  program to  convert the  journal
entry and write it to the AUDLOGP file.

The  default delay time on  CVTAUDLOG3 is 27 seconds.   This means that
the command wakes  up every 27  seconds and converts  any new  entries.
Therefore, the  DSPAUDLOG command  (part of  the AUDLOG  tool) may  not
find any audit entries that have occurred in the last 27 seconds.

You may set a smaller or larger delay time.

Ending the Submitted Job
------------------------

You  may end the job  by entering ENDJOB  for the job  and specifying a
delay time that  is greater  than the DLYTIM  specified on  CVTAUDLOG3.
This should cause the job to end normally.

Working in Conjunction with CVTAUDLOG
-------------------------------------

You may use both  CVTAUDLOG and CVTAUDLOG3 to convert  journal entries,
but not  at the same time.   The commands allocate the  AUDLOGP file to
*SHRNUP.     This  prevents  a   potential  conflict  between  the  two
functions (CVTAUDLOG2 which allows  conversion of journal entries  from
other systems  uses the  default *SHRUPD lock,  but cannot be  run when
either CVTAUDLOG or CVTAUDLOG3 is in use).

Changing receivers while CVTAUDLOG3 is active
---------------------------------------------

If  the  receiver is  changed while  CVTAUDLOG3  is active,  no entries
will be lost.

You may delete a receiver that is not active while CVTAUDLOG3.

Need to shutdown the CVTAUDLOG3 command
---------------------------------------

The CVTAUDLOG3 cannot  be used on  a continuous basis.   You will  need
to shut down the function for the following typical situations:

  **   Backup of the AUDLOGP  file - the file cannot be saved  if it is
       open for update unless save while active is specified.

  **   MTNAUDLOG usage  - when you maintain the  AUDLOGP file to remove
       old entries.

  **   CVTAUDLOG2 usage -  for converting entries  from other  systems.
       This is an optional function and may not be required.

Immediate Message
-----------------

You may  send a message  to a  specified message queue  based on the  4
character  JournalCode/EntryType/SubType  that  has  been sent  to  the
QAUDJRN  journal.  The message will occur  when the data base record is
written.  The following steps are needed to achieve this:

  **   Use EDTAPPVAL APPVAL(TAASECURE/CVTAUDLOG3)  and enter a  message
       queue name and library that will receive the messages.

  **   Use  EDTCONARR  DTAARA(TAASECURE/CVTAUDLOG3)  and  enter  the  4
       character  code into the subfile display.   The 4 character code
       can be seen  on the DSPAUDLOG display  using the columns  'Cde',
       'Ent', and  'Sub'.   For example, if  Cde=T, Ent=AF,  and Sub=A,
       enter  a 4  character  code as  TAFA.   The entries  must  be in
       upper case such as:

             TAFA
             TAFK

  **   The message queue  you specify should  be in *BREAK  mode.   The
       message  will  contain  the 4  characters,  the  user,  and  the
       sequence number from the journal entry.

When  the  CVTAUDLOG3  program  begins,  it  creates an  array  of  the
entries  you have  specified.   When an  entry occurs, an  array lookup
occurs to see if  a message should be sent.   If you add an  entry, you
must end the CVTAUDLOG3 function and restart it.

Performance
-----------

The  overall  impact  on  the   system  for  CVTAUDLOG3  is  more  than
CVTAUDLOG.   You may improve  the performance of  CVTAUDLOG3 by using a
larger DLYTIM value.

A good method of  determining the impact of  performance is to use  the
JOBACG tool.   Use CVTAUDLOG3 for awhile,  end the job, start  it again
and  then  look  at  the  performance  information  of  the  job  using
DSPACGRCD.  If you feel  the amount of CPU  time is excessive for  your
system, you should consider CVTAUDLOG instead.

Security
--------

The  user  of  the  CVTAUDLOG3  command  must   be  authorized  to  the
TAAAUDLOG authorization  list.  This authorization list  is provided by
the AUDLOG tool and is also required for CVTAUDLOG and CVTAUDLOG2.

Command parameters                                    *CMD
------------------

   AUDLOGLIB     The  name  of the  library where  the Audit  Log files
                 exist.   The default is  *LIBL.   *CURLIB may also  be
                 used.

   DLYTIM        The  number of  seconds  to delay  when  there are  no
                 more  entries to convert.  The  default is 27 seconds.

Restrictions
------------

None.

Prerequisites
-------------

The following TAA Tools must be on your system:

     AUDLOG          Audit log
     EDTVAR          Edit variable
     HLRMVMSG        HLL Remove message
     RTVAPPVAL       Retrieve application value
     RTVSYSVAL3      Retrieve system value 3
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is  ready to use.   You must  have used the AUDLOG  tool
to create the required files.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CVTAUDLOG3    *CMD                   TAASEDW       QATTCMD
   TAASEDWC      *PGM       CLP         TAASEDWC      QATTCL
   TAASEDWC2     *PGM       CLP         TAASEDWC2     QATTCL
   TAASEDWR      *PGM       RPGLE       TAASEDWR      QATTRPG

The  CVTAUDLOG3  data   area  and  the  CVTAUDLOG3   Application  Value
(*USRSPC) exist in TAASECURE.

Added to TAA Productivity tools October 1, 1997

Home Page

Up to Top