Security-related UTM events can be logged using the BS2000 function SAT (Security Audit Trail). SAT is used to audit unauthorized infiltration attempts, for example, thereby facilitating an immediate response to such events (alarm function). Any possible damage can thus be minimized or avoided altogether.

The prerequisites for implementing SAT logging are the BS2000 component SECOS and the subsystem SATCP. openUTM allows you to control SAT logging of UTM events for your application using the KDCDEF generation (see openUTM manual “Generating Applications”, MAX statement) and using UTM SAT administration functions (see "UTM SAT administration commands").

For a UTM application (generated with MAX ...,SECLEV=NO), SAT logging can be switched on in the UTM generation (MAX ...,SAT=ON) or using UTM SAT administration functions (KDCMSAT SAT=ON). With UTM SAT administration functions, logging can be switched off again at any time during operation (KDCMSAT SAT=OFF). When SAT logging is switched on, minimum logging is implemented.
Minimum logging covers the following UTM events:

• A task signs on to or off from the UTM application

• A UTM SAT administration command is entered

• Program components are exchanged using BLS

Other events can also be defined. The logging of these events can be switched on and off for specific events, specific users, and specific jobs. The predefinition of the events to be logged is called preselection (see "Preselection - defining the events to be logged"). Preselection can take place in the UTM generation and using UTM SAT administration functions.

The structure of SAT log records is described in the Appendix on "Structure of SAT log records".