There are a few companies that have SMF logger offload directly to something like splunk for access logging as well as moving security logs off platform.
User ID + system iD + date + time should work for being unique. Smart comes to mind.. but I know there are others. HTH Rob Schramm On Sat, Jul 15, 2017, 1:41 PM Edward Gould <[email protected]> wrote: > > On Jul 14, 2017, at 7:37 PM, Charles Mills <[email protected]> wrote: > > > > "log user actions and tie said actions back to that user via a unique > > identifier" > > > > That is not intrusion detection. Intrusion detection is a good thing, > but it > > is basically looking for outsiders trying to get in. (Loosely speaking.) > Not > > known users doing good and occasionally bad things. > > > > <commercial plug> > > > > > https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ > <https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ > > > > + > > https://correlog.com/software/download-czdash-rcpt.html < > https://correlog.com/software/download-czdash-rcpt.html> > > > > Does exactly what you describe > > Charles, > > I went to the url you supplied: > https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ > <https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ > > > > and got this: > > Internal Server Error > > The server encountered an internal error or misconfiguration and was > unable to complete your request. > > Please contact the server administrator at [email protected] to > inform them of the time this error occurred, and the actions you performed > just before this error. > > More information about this error may be available in the server error log. > > Additionally, a 500 Internal Server Error error was encountered while > trying to use an ErrorDocument to handle the request. > > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Rob Schramm ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
