![[z/OS]](../images/ngzos.gif)
Configuring the SMF audit service providers for security auditing
The audit service provider is used to format the audit data object that was sent by the audit event factory. For z/OS® systems you can choose to use the SMF emitter implementation to output audit records to the Service Management Framework (SMF) as SMF Type 83 Subtype 5 Relocates.
Before you begin
Before configuring the audit service provider, enable global security in your environment. SMF recording must be enabled at the operating system level before configuring the SMF audit service provider to be used. If SMF recording is off and a SMF audit service provider implementation is used, then audit records are not logged to SMF and no warning is presented to alert you that the records are not being recorded.
About this task
Procedure
Results
What to do next
After creating an audit service provider, the audit service provider must be associated with an audit event factory that will provide the audit data objects to the audit service provider. Next you should configure an audit event factory.
Audit records emitted to SMF may be read using the SMF Unload utility. See the z/OS Internet Library for more information about the SMF Unload utility.
You can specify the com.ibm.audit.field.length.limit custom property to set the length at which variable-length audit data is truncated. For more information, see the documentation about the security custom properties.