Many components of TCPIP write information to syslogd. This is a process that captures the data sent to it over a UDP socket, and writes it to files in the Unix file system. If syslogd is not active then messages may be written to the job log. When I was trying to set up AT-TLS, I had tens of messages on the job log each time a client tried to use AT-TLS.
You need to configure the syslogd procedure.
See if SYSLOGD is running; if not, try to start it. If it does not exist…
- Copy /usr/lpp/tcpip/samples/syslog.conf to its default configuration file /etc/syslog.conf, or another file.
- Copy TCPIP.SEZAINST(SYSLOGD) to your proclib concatenation.
- The program uses environment variables defined in STDENV to control operations. The default configuration file location is /etc/syslog.conf.
You can configure syslog.conf for example
This says all messages for SYSLOGD go to a file like /var/log/2022/05/14/syslogd, and error messages go to /var/log/2022/05/14/errors
This means you get a file of messages for each day. For me, I just used /var/log/syslogd.log and /var/log/errors.log, and deleted them periodically.
There is an ISPF syslog browser tool which displays information about the logs, and helps you browse the logs of interest. The documentation for this is not very good.
I got this to work by experimentation. I created an exec like MYSYSLOG
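    /* Rexx */
    address ispexec
    /* Make the syslogd browser message and panel libraries available */
    "LIBDEF ISPMLIB DATASET ID('TCPIP.SEZAMENU') STACK"
    "LIBDEF ISPPLIB DATASET ID('TCPIP.SEZAPENU') STACK"
    /* Add the library containing the browser execs to the search order */
    address tso "ALTLIB ACTIVATE APPLICATION(CLIST) DATASET('TCPIP.SEZAEXEC') "
    /* Start the syslogd browser */
    "SELECT CMD(EZASYRGO) NEWPOOL PASSLIB NEWAPPL(EZAS)"
    /* Clean up: remove the libraries added above */
    address tso "ALTLIB DEACTIVATE APPLICATION(CLIST)"
    "LIBDEF ISPPLIB"
    "LIBDEF ISPMLIB"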
You can execute this from ISPF option 6 or have this built into the ISPF panels.
Originally this exec was called syslogd; when I used it, I got
SYSTEM COMPLETION CODE=4C5 REASON CODE=77A53217
Where 4C5 is TCPIP, and 3217 means the program has the wrong AC (APF related). This is because there is a command syslogd which was executed in preference to my exec. When I renamed the exec to MYSYSLOG it used the exec and it worked fine!
The first panel is
    EZASYP01 ----------------- z/OS CS Syslogd Browser ---------------- Row 1 of 1
    Command ===>                                                  Scroll ===> PAGE

    Enter syslogd browser options
      Recall migrated data sets ==> NO    (Yes/No)  Recall data sets or not
      Maximum hits to display   ==> 200   (1-99999) Search results to display
      Maximum file archives     ==> 30    (0-400)   Days to look for file archives
      Display start date/time   ==> YES   (Yes/No)  Retrieve start date/time
      Display active files only ==> NO    (Yes/No)  Active files only, no archives
      DSN Prefix override value ==>

    Enter file or data set name of syslogd configuration, or select one from below:

      File/DS Name ==> /etc/syslog.conf

    Press ENTER to continue, or press END PF key to exit without a selection

    Line commands: S Select, R Remove from list, B Browse content, E Edit content

    Cmd Recently used syslogd configuration file or data set name
    --- --------------------------------------------------------------------------
        /etc/syslog.conf
    ******************************* Bottom of data ********************************
Pressing Enter gave me another panel with
    EZASYP00 ----------------- z/OS CS Syslogd Browser ---------------- Row 1 of 6
    OPTION ===>                                                   Scroll ===> PAGE

    Select one of the following, or press END PF key to exit the syslogd browser

     1 Change current syslogd configuration file and/or options
     2 Guide me to a possible syslogd destination
     3 Clear guide-me hits (indicated by ==> in the Cmd column)
     4 Search across all active syslogd files

    Current config file ==> /etc/syslog.conf

    Line commands: B Browse, A List archives, S Search active file and archives,
                   SF Search active file, SA Search archives, I File/DSN info

                                                                        Archive
    Cmd Rule/Active UNIX file name                    Start Time        Type Avail.
    --- --------------------------------------------- ----------------- ---- ------
        *.SYSLOGD*.*.*                                28 May 2022 13:31 None 0
        /var/log/syslogd
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        *.INETD*.*.*                                  Empty N/A         None 0
        /var/log/inetd
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        auth.*                                        Empty N/A         None 0
        /var/log/auth
I could then browse the error log for SYSLOGD.
You can search for userid, strings, etc., and give date ranges.
However, for my small, one-person usage, I found it was easier to use Unix services and use the command
to edit the file.
Capturing the right data
In the config file you can specify options like

    *.TCPIP.*.* /var/log/TCPIP
    *.*.*. /var/log/all

The entries are Userid.Jobname.facility.priority.
PAGENT AT-TLS requests are reported via TCPIP.
I could not find how to filter the TCPIP data so the AT-TLS data went to one file, and other TCPIP data went to another file. For TCPIP it looks like the “facility” is either “daemon” or “auth”, which you can specify in the TTLS configuration. So not very useful.
In the PAGENT Environment file, I specified
This produced a record in the TCPIP trace file like

    May 28 16:35:36 S0W1 TTLS: 16:35:36 TCPIP EZD1283I TTLS Event GRPID: 0000001B ENVID: 0000000D CONNID: 00000212 RC: 0 Set GSK_USER_DATA(200) - 000000007EC2D610
If you specify
With a trace file name you get the usual gsk trace file. You then use gsktrace name >aaa to format it. This only has the trace data for the PAGENT startup, so you are stuck with the trace going to syslogd with its verbose header (and badly formatted data).
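Since the syslogd rules cannot separate the AT-TLS records from the rest of the TCPIP data, one option is to split the file after the fact. The following is an added example, not part of the original post: it assumes every AT-TLS record carries the `TTLS:` tag and the field layout of the single record shown above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: line 1 is the record shown on this page; lines 2 and 3
# are made up for illustration (same layout, different values).
SAMPLE = """\
May 28 16:35:36 S0W1 TTLS: 16:35:36 TCPIP EZD1283I TTLS Event GRPID: 0000001B ENVID: 0000000D CONNID: 00000212 RC: 0 Set GSK_USER_DATA(200) - 000000007EC2D610
May 28 16:35:37 S0W1 EXAMPLE: constructed non-TTLS line from another component
May 28 16:35:38 S0W1 TTLS: 16:35:38 TCPIP EZD1283I TTLS Event GRPID: 0000001B ENVID: 0000000D CONNID: 00000213 RC: 8 Constructed failing event
""".splitlines()

# Field layout assumed from the one EZD1283I record on the page.
TTLS_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) TTLS: "
    r"\S+ (?P<job>\S+) (?P<msgid>EZD\d+[A-Z]) TTLS (?P<kind>\w+) "
    r"GRPID: (?P<grpid>[0-9A-F]{8}) ENVID: (?P<envid>[0-9A-F]{8}) "
    r"CONNID: (?P<connid>[0-9A-F]{8}) RC: (?P<rc>\d+) (?P<text>.*)$"
)

def split_ttls(lines):
    """Return (ttls_records, other_lines); tagged lines are never dropped."""
    records, other = [], []
    for line in lines:
        if " TTLS: " not in line:
            other.append(line)
            continue
        m = TTLS_RE.match(line)
        rec = m.groupdict() if m else {}   # unparsed TTLS lines keep raw only
        if m:
            rec["rc"] = int(rec["rc"])
        rec["raw"] = line
        records.append(rec)
    return records, other

def by_connection(records):
    """Group parsed records by CONNID so one connection reads as one story."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec.get("connid", "unparsed")].append(rec)
    return dict(grouped)

def failures(records):
    """Parsed records whose return code is not zero."""
    return [r for r in records if r.get("rc", 0) != 0]

if __name__ == "__main__":
    ttls, other = split_ttls(SAMPLE)
    for connid, recs in by_connection(ttls).items():
        print(connid, [(r.get("rc"), r.get("text")) for r in recs])
    print("non-TTLS lines kept separately:", len(other))
```
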