Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Storage space requirements

&pagelevel(5)&pagelevel

Storage space requirements for SAT logging increase with the number of events to be audited. The number of events to be audited can be reduced if preselection of the events for auditing is carried out (see section “Selection procedure”). The definition of selection criteria thus enables the security administrator to exercise a considerable influence on the storage space requirements for SAT.

The volume of data actually logged depends on the size and workload of the installation and the range of applications involved. It is sound practice to determine the appropriate space allocation by means of test runs or with the aid of the SATUT statement //SHOW-STATISTICS (see SHOW-STATISTICS command).

The following example should provide a rough idea of how this works.

In the case of the default logging setting (i.e. no /MODIFY-SAT-PRESELECTION command was issued) and the audit attribute NONE for all FILE objects, the following average values were determined:

Length of an audit record: 75-80 bytes
Number of events logged: 700-800 events/MIP/hr
Required storage space: 30-35 PAM pages/MIP/hr

Above all the audit attributes of the FILE objects (see section “Selection procedure”) can influence the SAT storage space requirements, as events relating to FILE objects account for approximately 50% of all possible events. These events are logged in accordance with their results and audit attributes.

Storage saturation

In the event of storage space problems (no more space on public volumes), a corresponding DMS error prevents continuation of SAT logging. In order to prevent audit data being lost, SAT suspends the jobs that intended to write an audit record (macro VPASS see the “Executives Macros” manual [15]). Logging continues only for the users with the privileges SECURITY-ADMINISTRATION and SAT-FILE-MANAGEMENT, since their audit records are stored in class 5 memory until such time as the situation has returned to normal. If a /EXIT-JOB (resp. /LOGOFF) command is issued, the audit records of these user IDs are not lost and the command is executed as follows:

  • the connection to the terminal is closed

  • the task is not terminated until SATCP returns to logging mode

  • /SET-LOGON-PARAMETERS (resp. /LOGON) is rejected for nonprivileged users, that is to say all users except for those who have the SECURITY-ADMINISTRATION, SAT-FILE-MANAGEMENT or OPERATING privilege.

If the SAT status switches to NO-RESOURCE, a message indicating the nature of the problem involved is displayed at the console. The security administrator and SAT file management can take appropriate measures and logging is continued automatically.

Example

For “disk space saturation”:

/change-sat-file ... ,support=*public(...)

Jobs whose SATLOG records have been stored in class 5 memory while SATCP was in NO-RESOURCE status will under certain circumstances remain suspended even after the /HOLD-SAT-LOGGING command has been entered (VPASS macro, see the “Executives Macros” manual [15]). In this case, SATCP outputs a message at regular intervals which indicates this status. In order to resume processing the suspended jobs, it is additionally necessary to enter the /RESUME-SAT-LOGGING command.

Powered by Atlassian Confluence and Scroll Viewport.