The selected records can be output in the following ways:
in readable form to SYSLST or an XML file (//SHOW-SELECTED-RECORDS)
in statistical form to SYSOUT or SYSLST (//SHOW-STATISTICS)
in their original form to reduced SAT logging files with standard names (replacement files) or without standard names (analysis files) (//SAVE-SELECTED-RECORDS)
SATUT creates two types of reduced SAT logging files for archiving and analysis of security-relevant data: replacement files and analysis files.
Replacement files and analysis files contain the same kind of information. They are the result of one or more selection processes in a SATUT session.They differ in terms of their intended use and their nomenclature.
In addition to the user data both types of file contain additional information which can be output by means of the //SHOW-REDUCTION-FILES-ORIGIN statement:
date of file creation
the selection condition
the input files from which the records were selected
Replacement files
Replacement files contain the security-relevant information from the input files selected by SAT file management or SAT file evaluation for archiving.
Replacement files are used for storing security-relevant audit records (SATLOG and also in converted form CONSLOG) and, if appropriate, input again in another evaluation run.
These files normally replace the input files from which they were generated. The SAT file manager or SAT file evaluator can decide whether to delete the input files when a replacement file is created, if dealing here exclusively with SATLOG files.
When replacement files replace the input files they should always replace complete SATLOG files or replacement files.
A replacement file is stored under the SYSAUDIT user ID with the SAVE-SELECTED-RECORDS statement. In that case the SATUT session must also be running under SYSAUDIT.
Replacement files have a standard name:
$SYSAUDIT.SYS.SATUT.yyyy-mm-dd.sss.nnn where:
yyyy-mm-dd | creation date of the first (i.e. “oldest”) of the input files used to produce the replacement file. The input files may be: SATLOG files, replacement files, CONSLOG files |
sss | session number |
nnn | sequence number of the file (001..999) |
Analysis files
Analysis files contain the security-relevant information from the input files which have been selected for analysis by SAT file management or SAT file evaluation.
Analysis files are used for the decentralized analysis of security-relevant audit records (SATLOG and also in converted form CONSLOG).
Analysis files do not replace the input files from which they are generated.
The //SAVE-SELECTED RECORDS statement is used to store an analysis file under the user ID under which the SATUT session is running.
In contrast with a replacement file, therefore, an analysis file can be created under any other user ID with the SAT-FILE-MANAGEMENT or SAT-FILE-EVALUATION privilege.
Any name can be chosen for analysis files.