Introduction to BTS audit trails

You may want to create an audit trail for the BTS processes and activities that run in your CICS® systems. Doing so allows you to:

The CICS code contains BTS audit points in much the same way as it contains trace points. However, there are three main differences between audit records and trace entries:

  1. Trace entries are written to an internal trace table within the CICS address space. In contrast, the audit trail of a process is written to a CICS journal, which resides on an MVS™ logstream.
  2. Trace entries record the progress of tasks over a relatively short period of time, typically seconds, minutes, or hours. In contrast, the audit trail of a process can extend to days, weeks, or even months.
  3. Trace entries relate to activity in a single CICS region. In contrast, in a sysplex the execution of different parts of a process may take place on different regions within the sysplex. Therefore, each audit record contains system, date, and time information. Typically, an audit record for a BTS activity also contains:

    Because logstreams can be shared by more than one region, it is possible to write audit records from different regions to the same log.

There are four, incremental, auditing levels:

  1. None
  2. Process-level
  3. Activity-level
  4. Full.

How to specify the levels, and what they mean, is described in Specifying the level of audit logging.

Audit log records are written to an MVS logstream by the CICS Log Manager. You can read the records off-line using the CICS audit trail utility program, DFHATUP. DFHATUP allows you to:

You can use the CICS journal utility program, DFHJUP, to copy the audit logstream to a backup file and to delete the logstream. By editing the JCL used to run DFHATUP, you can make DFHATUP accept the backup file as input.

Audit records are buffered; they are written to the logstream only when the buffer is full or a syncpoint occurs. This means that, when multiple CICS regions share the same logstream, audit records may not be in exact date and time order.

Related concepts
Audit trail examples
Related tasks
Specifying the level of audit logging
Audit trail constraints--using DASD-only logstreams
Using the audit trail utility program, DFHATUP
[[ Contents Previous Page | Next Page Index ]]