The //SHOW-SELECTED-RECORDS statement is used to request output to SYSLST or an XML file of the records previously selected by means of the //START-SELECTION statement.
The records can be output either in full or in part, with only a specified part of their contents. A sort criterion may be used to arrange the records for output according to items of information that are always present.
SHOW-SELECTED-RECORDS
INFORMATION =
This defines which information from the records is to be output.
EVT and TIMESTP and - if present - RES, TSN and USER-ID are always output for all records, irrespective of the values specified for the INFORMATION operand.
INFORMATION = *ALL-FIELDS
All records are to be output in full.
INFORMATION = list-poss(100):<structured-name>
This defines the field names of the information from the records whose contents are to be output (see “Table of auditable information (field names)”).
Since TIMESTP, TSN, USER-ID, RES and EVT are always output for all records, they must not be specified here.
SORT-CRITERION =
This defines the sort criterion for output of the records.
If any sort criterion other than NONE is chosen, SAT requires work files in order to execute the sort operation.
SORT-CRITERION = *NONE
The records are not to be sorted according to a specific criterion.
SORT-CRITERION = *TIMESTP
The records are to be sorted by their time stamp.
SORT-CRITERION = *TSN
The records are to be sorted by TSN and time stamp.
SORT-CRITERION = *USER-ID
The records are to be sorted by user ID and time stamp.
SORT-CRITERION = *EVT
The records are to be sorted by event type and time stamp.
FROM-FILE = 0 / <integer 0..9>
Work file whose contents are to be output.
OUTPUT = *SYSLST(...)
The information is output to SYSLST.
LINES-PER-PAGE = 64 / <integer 20..255>
This defines the number of lines on an output page.
XML-OUTPUT =
Specifies whether the information is to be output to an XML file.
XML-OUTPUT = *NONE
No XML file is generated.
XML-OUTPUT = *STD
The information is output to a file in XML format. This file is created with the default name $SYSAUDIT.SYS.SATUT.yyyy-mm-dd.sss.nnn.XML, where:
yyyy-mm-dd | Creation date of the (temporally) first file of the input files from which the XML was generated |
sss | Session number |
nnn | Sequence number of the file in the session (1..999) |
XML-OUTPUT = <filename 1..38 without-cat-gen-user>
The information is output in XML format to a file with the specified name.
If the file already exists, the user receives an inquiry in dialog mode asking whether the file should be overwritten. In a batch job the command is rejected and a message to this effect is issued.
Notes
The contents of the work files (0 to 9) are not modified by this statement.
The entries in CONSLOG files are converted into corresponding SATLOG records of the CLG or SKP type, as appropriate, before they are output.
The filpos, curlim2 and maxlim2 fields are always output in the unit 512B (= multiple of 512 bytes).
Example
The contents of work file 0 are to be output to SYSLST. The time stamp is to be used as the sort criterion:
//show-selected-records sort-criterion=*timestp, from-file=0, -
// output=*syslst
During generation of the SATLOG file, which forms the basis for this evaluation, LOGGING-QUANTITY=*EXTENDED was activated.
Output format
SATUT V05.5A 2018-03-30 12:18:11 PAGE 1
PROCESSED STATEMENT : SHOW-SELECTED-RECORDS
************************************************************************************************************************************
INPUT-FILES OF STATEMENT :
:4V06:$SYSAUDIT.#SATUT.WORK-00.30.121743
. . .
SATUT V05.5A 2018-03-30 12:18:11 PAGE 2
PROCESSED STATEMENT : SHOW-SELECTED-RECORDS
************************************************************************************************************************************
EVT RES DATE TIME TSN USER-ID
ZBG S 20180330 081317
NEWFILE= :4V06:$SYSAUDIT.SYS.SATLOG.2018-03-30.017.01
SYSID = 117 SYSNAM = F10BXS SYSVERS= V140 CONFNAM= 7.500- S140-10C REASON = STARTUP
CPUID = 0902200185000000091220018500000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000
DODVERS= 04.0
ZEP S 20180330 081317
OBJ-EVT= ADO EVTAUD = NONE
ZEP S 20180330 081317
OBJ-EVT= ANY EVTAUD = NONE
. . .
UAD S 20180330 121446 0AQ4 TSOS
GROUPID= *UNI OBJ-UID= EMIL CATID = 4V06
UPARUS = ( TOTAL_LENGTH = 261(0105) / Layout: ASS-Macro SJMCHKZ (manual System Exits) )
0000 01C5D4C9 D3404040 40024040 40404040 40400301 5CE2C5C3 D9C5E340 00000000 .EMIL . ..*SECRET ....
0020 00000000 05030600 07000008 F4E5F0F6 09020A01 01010B02 0C020D02 0E011000 ............4V06................
0040 101100FF FFFF147F FF150064 16011740 18404040 40404040 40404040 40404040 ...~~~."~...... .
0060 40404040 40404040 40404040 40404040 40404040 40404040 40404040 40404040
0080 40404040 40404040 40404040 40404040 40194040 40404040 40404040 40404040 .
00A0 40404040 40404040 40404040 40404040 40404040 40404040 40404040 40404040
00C0 40404040 40404040 2500FFFF FF2700FF FFFF237F FFFFFF2A 0129C5C4 C6F0F3C9 ..~~~..~~~."~~~...EDF03I
00E0 D9E52C01 30013101 1AF1F2F3 F4F54040 401B021C 021D021E 011F0000 FFFF20D2 RV.......12345 ...........~~.K
0100 21002B02 FF ....~
. . .
JED S 20180330 121513 0AQ4 TSOS
GROUPID= *UNI ENDTYPE= NORMAL ENDREAS= LOGOFF
UCK S 20180330 121542 0AQ7 EMIL
OBJ-UID= EMIL STATION= BT200476 PROCNAM= D016ZE04 CHKMODE= DIALOG REJR = 00000000
JDE S 20180330 121542 0AQ7 EMIL
GROUPID= *UNI STATION= $$$01124 PROCNAM= PGTR0071
FRD S 20180330 121543 0AQ7 EMIL
GROUPID= *UNI FILNAME= :4V06:$TSOS.BULLETIN AUDITAT= NONE ACCESS = INPUT
FCL S 20180330 121543 0AQ7 EMIL
GROUPID= *UNI FILNAME= :4V06:$TSOS.BULLETIN AUDITAT= NONE
The output for the UAD event (“Add user ID”) contains a parameter list, in this case the list for the ADD-USER command. The character string “*SECRET” in this output is entered by SATCP in the SATLOG record in place of the password which is contained in this parameter list.
Evaluation notes for *LNG fields in SATLOG records
In order to be able to recognize unauthorized intervention in computer center operation even better, for certain events the contents of the parameter list via which the event was initiated are additionally recorded. The recording only takes place if the operand LOGGING-QUANTITY=*EXTENDED was specified for the preselection in SATCP. Since parameter lists can generally be longer than 255 bytes, they are recorded in the form of *LNG fields (see section “Structure of the SATLOG files”).
*LNG fields are edited in hexadecimal and character form by SATUT. The corresponding interface macros (MF=D) must generally be used for evaluation of the parameter list. In the relevant field description, SATUT provides brief information on the basis of which the contents of the parameter list can be evaluated.
If a macro is specified for an interface description, then the macro will normally be contained in the library $TSOS.MACROLIB.
If the contents of a parameter list exceed the capacity of a SATLOG record, the parameter list is split over several SATLOG records. All the subrecords of such a SATLOG record contain the same information in their fixed part, so evaluation of each subrecord by SATUT is possible.
As a result of asynchronous processing in SATCP, the sequence of the subrecords in the SATLOG file is not guaranteed. When evaluation by SATUT is performed, sorting may be necessary. SATUT indicates in the field description which part of the field is listed. The last component part of a SATLOG record is identified by the character string “LAST” instead of a number. In addition, the displacement from the beginning of the parameter list is output.
Example
The following output contains a parameter list which has been split over two SATLOG subrecords. In the first subrecord (LOG_REC_PART = 1) the first 928 bytes of the parameter list are displayed (displacement 0000 through 039F), and in the second and last part the remaining 342 bytes (displacement 03A0 through 04F5).
SATUT V05.5A 2018-03-09 13:47:06 PAGE 1
PROCESSED STATEMENT : SHOW-SELECTED-RECORDS
************************************************************************************************************************************
INPUT-FILES OF STATEMENT :
:3V26:$SYSAUDIT.#SATUT.WORK-00.09.134605
SATUT V05.5A 2018-03-09 13:47:06 PAGE 2
PROCESSED STATEMENT : SHOW-SELECTED-RECORDS
************************************************************************************************************************************
EVT RES DATE TIME TSN USER-ID
ZBG S 20180307 073630
NEWFILE= :3V26:$SYSAUDIT.SYS.SATLOG.2018-03-07.063.01
SYSID = 142 SYSNAM = E12BXS SYSVERS= V140 CONFNAM= 7.500- S140-10C REASON = STARTUP
CPUID = 0902200185000000091220018500000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000
DODVERS= 04.0
ZEP S 20180307 073630
OBJ-EVT= ADO EVTAUD = NONE
ZEP S 20180307 073630
OBJ-EVT= ANY EVTAUD = NONE
. . .
UML S 20180307 144337 0GM6 TSOS ( LOG_REC_PART = 1 )
GROUPID= *UNI OBJ-UID= USER1 CATID = 3V26
PARLOG = ( TOTAL_LENGTH = 1032(0408) / CUR_LEN = 03A0 / OFFSET = 0000 / Layout: ASS-Macro SRMLCC MF=D )
0000 40404040 40404040 80000000 8040000A 18548000 08000000 03015CE2 C5C3D9C5 ..... ............*SECRE
0020 E3400000 00000000 0000FF00 FF000000 0007000A 00380000 03D00000 E4E2C5D9 T ........~.~...............USER
0040 F1404040 00000000 00000000 00000014 0040006C 00F00106 0124013A 01BE01D4 1 ............. .%.0.........M
0060 01F20208 0274029E 02C802EA 030C032E 03500372 039403B2 7F7FFCAF 000201B0 .2.......H.......&...m..""......
0080 F2F0F1F7 60F0F560 F0F6005A 0001F2F0 F1F860F0 F360F0F9 000F001E FFFF8FFF 2017-05-06.!..2018-03-09....~~.~
00A0 FE000000 00000010 D7D9D6C3 C5E2E2C1 E2E3C1E3 C9D6D5C1 D7D9D6C3 C5E2E2C3 ........PROCESSASTATIONAPROCESSC
00C0 E2E3C1E3 C9D6D5C3 D7D9D6C3 C5E2E2C5 E2E3C1E3 C9D6D5C5 D7D9D6C3 C5E2E2C7 STATIONCPROCESSESTATIONEPROCESSG
00E0 E2E3C1E3 C9D6D5C7 D7D9D6C3 C5E2E2F1 E2E3C1E3 C9D6D5F1 D7D9D6C3 C5E2E2F3 STATIONGPROCESS1STATION1PROCESS3
0100 E2E3C1E3 C9D6D5F3 D7D9D6C3 C5E2E2F5 E2E3C1E3 C9D6D5F5 D7D9D6C3 C5E2E2F7 STATION3PROCESS5STATION5PROCESS7
0120 E2E3C1E3 C9D6D5F7 00000000 00100000 00000000 00000000 00000000 00C10000 STATION7.....................A..
0140 00000008 E4E2C5D9 C9C4F140 E4E2C5D9 C9C4F340 E4E2C5D9 C9C4F540 00000000 ....USERID1 USERID3 USERID5 ....
0160 00100000 00000000 00000000 00000000 00C20000 0010D7D9 D6C3C5E2 E2C2E2E3 .................B....PROCESSBST
0180 C1E3C9D6 D5C2D7D9 D6C3C5E2 E2C4E2E3 C1E3C9D6 D5C4D7D9 D6C3C5E2 E2C6E2E3 ATIONBPROCESSDSTATIONDPROCESSFST
01A0 C1E3C9D6 D5C6D7D9 D6C3C5E2 E2C8E2E3 C1E3C9D6 D5C8D7D9 D6C3C5E2 E2F2E2E3 ATIONFPROCESSHSTATIONHPROCESS2ST
01C0 C1E3C9D6 D5F2D7D9 D6C3C5E2 E2F4E2E3 C1E3C9D6 D5F4D7D9 D6C3C5E2 E2F6E2E3 ATION2PROCESS4STATION4PROCESS6ST
01E0 C1E3C9D6 D5F6D7D9 D6C3C5E2 E2F8E2E3 C1E3C9D6 D5F80000 00000010 00000000 ATION6PROCESS8STATION8..........
0200 00000000 00000000 000000C3 00000000 0008E4E2 C5D9C9C4 F240E4E2 C5D9C9C4 ...........C......USERID2 USERID
0220 F440E4E2 C5D9C9C4 F6400000 00000010 00000000 00000000 00000000 000000C4 4 USERID6 .....................D
0240 5BE3E2D6 E24BC7E4 C1D9C4F1 40404040 40405BE3 E2D6E24B C7E4C1D9 C4F24040 $TSOS.GUARD1 $TSOS.GUARD2
0260 40404040 5BE3E2D6 E24BC7E4 C1D9C4F3 40404040 40405BE3 E2D6E24B C7E4C1D9 $TSOS.GUARD3 $TSOS.GUAR
0280 C4F44040 40404040 5BE3E2D6 E24BC7E4 C1D9C4F5 40404040 40405BE3 E2D6E24B D4 $TSOS.GUARD5 $TSOS.
02A0 C7E4C1D9 C4F64040 40404040 03000000 00090CE3 C5D9D4E2 C5E3F10C E3C5D9D4 GUARD6 .......TERMSET1.TERM
02C0 E2C5E3F3 0CE3C5D9 D4E2C5E3 F50CE3C5 D9D4E2C5 E3F70400 00000009 0CE3C5D9 SET3.TERMSET5.TERMSET7.......TER
02E0 D4E2C5E3 F20CE3C5 D9D4E2C5 E3F40CE3 C5D9D4E2 C5E3F60C E3C5D9D4 E2C5E3F8 MSET2.TERMSET4.TERMSET6.TERMSET8
0300 03000000 00090CE3 C5D9D4E2 C5E3F10C E3C5D9D4 E2C5E3F2 0CE3C5D9 D4E2C5E3 .......TERMSET1.TERMSET2.TERMSET
0320 F3000400 00000009 0CE3C5D9 D4E2C5E3 F40CE3C5 D9D4E2C5 E3F50CE3 C5D9D4E2 3........TERMSET4.TERMSET5.TERMS
0340 C5E3F600 03000000 00090CE3 C5D9D4E2 C5E3F20C E3C5D9D4 E2C5E3F4 0CE3C5D9 ET6........TERMSET2.TERMSET4.TER
0360 D4E2C5E3 F6000400 00000009 0CE3C5D9 D4E2C5E3 F30CE3C5 D9D4E2C5 E3F50CE3 MSET6........TERMSET3.TERMSET5.T
0380 C5D9D4E2 C5E3F700 03000000 00090CE3 C5D9D4E2 C5E3F40C E3C5D9D4 E2C5E3F5 ERMSET7........TERMSET4.TERMSET5
UML S 20180307 144337 0GM6 TSOS ( LOG_REC_PART = LAST )
GROUPID= *UNI
PARLOG = ( TOTAL_LENGTH = 1032(0408) / CUR_LEN = 0068 / OFFSET = 03A0 / Layout: ASS-Macro SRMLCC MF=D )
03A0 0CE3C5D9 D4E2C5E3 F6000400 00000009 0CE3C5D9 D4E2C5E3 F70CE3C5 D9D4E2C5 .TERMSET6........TERMSET7.TERMSE
03C0 E3F80CE3 C5D9D4E2 C5E3F900 00000000 00080000 000A0000 00140000 001E0000 T8.TERMSET9.....................
03E0 00280000 00320000 003C0000 00000008 00000046 00000050 0000005A 00000064 .......................&...!....
0400 0000006E 00000078 ...>....
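The ordering and completeness check for split parameter lists described above, as an added example (not part of the manual or of SATUT): it reads the PARLOG headers from SATUT list output, groups subrecords by their fixed part, orders them by OFFSET and reports gaps or a missing LAST part. The header layout is taken from the example output; the function name, the one-header-per-line layout and the second, incomplete record in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Record line plus PARLOG header, as SATUT prints them for a split *LNG field.
HDR = re.compile(
    r"(?P<key>[A-Z]{3}\s+\S\s+\d{8}\s+\d{6}\s+\S+\s+\S+)\s+"
    r"\(\s*LOG_REC_PART\s*=\s*(?P<part>\d+|LAST)\s*\).*?"
    r"TOTAL_LENGTH\s*=\s*(?P<total>\d+)\([0-9A-F]{4}\)\s*/\s*"
    r"CUR_LEN\s*=\s*(?P<cur>[0-9A-F]{4})\s*/\s*OFFSET\s*=\s*(?P<off>[0-9A-F]{4})",
    re.S)

def check_split_parlogs(text):
    """Map each record's fixed part to a list of reassembly problems."""
    groups = defaultdict(list)
    for m in HDR.finditer(text):
        key = " ".join(m["key"].split())          # EVT RES DATE TIME TSN USER-ID
        groups[key].append(
            (int(m["off"], 16), int(m["cur"], 16), int(m["total"]), m["part"]))
    report = {}
    for key, parts in groups.items():
        parts.sort()          # subrecord order in the SATLOG file is not guaranteed
        problems, expected = [], 0
        for off, cur, _total, _part in parts:
            if off != expected:
                problems.append(f"expected offset {expected:04X}, found {off:04X}")
            expected = off + cur
        if expected != parts[0][2]:
            problems.append(f"covered {expected} of {parts[0][2]} bytes")
        if parts[-1][3] != "LAST":
            problems.append("final subrecord is not marked LAST")
        report[key] = problems
    return report

# Constructed sample: the two UML headers from the example output with the LAST
# part listed first, then a constructed record whose second part is missing.
SAMPLE = """\
UML S 20180307 144337 0GM6 TSOS ( LOG_REC_PART = LAST ) GROUPID= *UNI
PARLOG = ( TOTAL_LENGTH = 1032(0408) / CUR_LEN = 0068 / OFFSET = 03A0 / Layout: ASS-Macro SRMLCC MF=D )
UML S 20180307 144337 0GM6 TSOS ( LOG_REC_PART = 1 ) GROUPID= *UNI OBJ-UID= USER1
PARLOG = ( TOTAL_LENGTH = 1032(0408) / CUR_LEN = 03A0 / OFFSET = 0000 / Layout: ASS-Macro SRMLCC MF=D )
UML S 20180307 150000 0GM7 TSOS ( LOG_REC_PART = 1 ) GROUPID= *UNI
PARLOG = ( TOTAL_LENGTH = 1032(0408) / CUR_LEN = 03A0 / OFFSET = 0000 / Layout: ASS-Macro SRMLCC MF=D )
"""

if __name__ == "__main__":
    for key, problems in check_split_parlogs(SAMPLE).items():
        print(key, "->", problems or "complete")
```

An incomplete parameter list in an audit evaluation means part of the command's arguments cannot be reviewed, so a non-empty problem list is worth following up against the SATLOG input files.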