Draft: [GTM-F170998] New V70005/zauditlog test to test the $ZAUDITLOG() function for possible application audit logging and the audit GDE facility
The $ZAUDITLOG() function establishes a connection via a socket and sends its argument to a logger/listener process. It requires setting the AZA_ENABLE audit logging facility in the $gtm_dist/restrict.txt file. The format for the $ZAUDITLOG() function is:
$ZAUDITLOG(expr)
expr specifies the string to send for audit logging.
$ZAUDITLOG() identifies its message with src=4, and like other GT.M logging facilities, records the location of the GT.M distribution, uid, euid, pid, tty, and the command / argument(s).
A return value of TRUE (1) indicates successful logging and FALSE (0) indicates logging is not enabled; a trappable RESTRICTEDOP error indicates logging is enabled but not working.
If LGDE is specified as an option for the AZA_ENABLE facility, GDE logs all commands. GT.M ignores this option if specified with other A*_ENABLE audit logging facilities. When it fails to log a command, GDE issues a GDELOGFAIL error. The following table characterizes $ZAUDITLOG() and GDE audit logging behavior:
$ZAUDITLOG() / GDE logging Characteristics
AZA_ENABLE | LGDE | Logging success | GDE audit logging | $ZAUDITLOG() result |
---|---|---|---|---|
Yes | Yes | Yes | Yes | 1 |
Yes | No | Yes | No | 1 |
Yes | Yes | No | GDELOGFAIL error | RESTRICTEDOP error |
Yes | No | No | No | RESTRICTEDOP error |
No | N/A | N/A | No | 0 |
Previously, GT.M did not support the $ZAUDITLOG() function. (GTM-F170998)
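The three outcomes described above (1, 0, and a trappable RESTRICTEDOP error) can be told apart by an application as in the following added example, which is not code from GT.M or from the V70005/zauditlog test. The routine and label names (`zalog`, `zalogerr`, `demo`), the -1 return convention, and the audit message text are assumptions made for illustration.

```mumps
zalog(msg) ; hypothetical wrapper around $ZAUDITLOG(); the name is an assumption
 ; Returns  1 : message was sent to the logger
 ;          0 : audit logging not enabled (no AZA_ENABLE in restrict.txt)
 ;         -1 : logging enabled but not working (RESTRICTEDOP was raised)
 new $etrap,rc
 set $etrap="goto zalogerr"
 set rc=$zauditlog(msg)
 quit rc
 ;
zalogerr ; entered through $etrap when $ZAUDITLOG() raises an error
 ; Any error other than RESTRICTEDOP keeps $ecode set, so it is
 ; re-raised in the caller's frame instead of being swallowed here.
 quit:$zstatus'["RESTRICTEDOP" ""
 set $ecode=""
 quit -1
 ;
demo ; example caller that fails closed when the audit record was not written
 new rc
 ; constructed sample message, not a format required by GT.M
 set rc=$$zalog("action=export object=patients")
 if rc=1 write "audit record sent; continuing",! quit
 if rc=0 write "audit logging is not enabled; operation refused",! quit
 write "audit logging is enabled but failed; operation refused",!
 quit
```

Whether a return of 0 should block the operation is a policy choice; the caller here treats both 0 and -1 as reasons to stop, so a missing or broken logger cannot silently produce unaudited actions.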