//* //******************************************************************* //* THIS WILL READ THE SMF EXTRACT DATASET OF RACF RELATED SMF //* RECORDS (TYPES 30, 80, 81, 82, 83) AND USE THE SORT TOOL //* TO SORT THE DATA AND GENERATE A REPORT. //* //* THIS JOB WILL REPORT ALL USERIDS WHICH HAD AN EXCESSIVE //* NUMBER OF INCORRECT PASSWORDS AND TERMINALS WHERE EXCESSIVE //* PASSWORDS WERE ATTEMPTED. //* //******************************************************************* //REPORT EXEC PGM=ICETOOL //SMFDATA DD DISP=SHR,DSN=PROD.RACF.SMF.UNLOAD(0) //TEMP0001 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350)) //TEMP0002 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350)) //TEMP0003 DD DISP=(NEW,DELETE,DELETE),SPACE=(0,(1000,350)) //TOOLMSG DD SYSOUT=* //PRINT DD SYSOUT=(A,,STD),DEST=U0022,HOLD=YES //DFSMSG DD SYSOUT=* //SYSPRINT DD SYSOUT=* //SYSMSG DD SYSOUT=* //SYSOUT DD SYSOUT=* //SYSIN DD * /* //*------------------------------------------------------------------ //TOOLIN DD * COPY FROM(SMFDATA) TO(TEMP0001) USING(RACF) OCCURS FROM(TEMP0001) LIST(PRINT) - PAGE - TITLE('USERIDS WITH OVER 3 INCORRECT PASSWORDS') - DATE(YMD/) - TIME(12:) - BLANK - ON(63,8,CH) HEADER('USER ID') - ON(560,20,CH) HEADER('USER NAME') - ON(286,8,CH) HEADER('REGION') - ON(VALCNT) HEADER('NUMBER OF ATTEMPTS') - HIGHER(3) /* //*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - //* DEFINE REPORT CRITERIA //*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - //RACFCNTL DD * SORT FIELDS=(63,8,CH,A) INCLUDE COND=(5,8,CH,EQ,C'JOBINIT',AND, 14,8,CH,EQ,C'INVPSWD') OPTION VLSHRT /* // //* <--END-OF-JOB //* 32,10,CH,EQ,C'1999-12-21',AND, //**************************************************************** //* FOR A REPORT CONTAINING THE DETAIL RECORDS INSTEAD OF THE //* SUMMARY, MAKE THE FOLLOWING CHANGES ABOVE: //* //* - CHANGE 'OCCUR' TO 'DISPLAY' //* //* - REMOVE THE LINE "ON(VALCNT) HEADER('COUNT')" //* //* - INSERT THE LINE BEFORE "HEADER('DATE')" LINE: //* //* ON(23,8,CH) HEADER('TIME') - //* //* - REMOVE THE '-' AT THE END OF THE "HEADER('PROFILE')" STATEMENT //*