Creating Custom Audit Events

You can create your own audit events using the SAFROUTE API. This API handles security-related requests for Enterprise Server applications. Use the AUDIT request type to create your own audit entry point inside COBOL programs hosted by Enterprise Server.

Note: The SAFROUTE API does not work for standalone programs.

The SAFROUTE API is defined in the following copybook located in the cpylib directory of the product installation directory - default is %ProgramFiles(x86)%\Micro Focus\Visual COBOL\cpylib\SAFAPI.CPY (Windows) or /opt/microfocus/VisualCOBOL/cpylib/SAFAPI.cpy (UNIX).

An audit event is comprised of the ENTITY and LOGSTR items, which can contain arbitrary strings. You can also use the Username associated with any ACEE, if it is provided. Audit events can be attributed to either a "success" or "failure" which are mapped to the audit event codes 5:1 and 5:2, respectively.

The following program is an example of a "success" audit event:

identification division.
       program-id. testprog.

       environment division.
       configuration section.

       data division.
       working-storage section.

       copy "SAFAPI.cpy" replacing ==()== by ==ws==.

       01 ws-audit-entity    pic x(11) value "AuditEntity".
       01 ws-audit-string    pic x(11) value "AuditString".

       procedure division.
           move low-values to ws-safpb-parameter-block

           set ws-safpb-cur-ver-88 to true
           set ws-safpb-audit-req-88 to true
           set ws-safpb-audit-success-88 to true
           set ws-safpb-codeset-utf8-88 to true
           set ws-safpb-mod-CICS-88 to true

           set ws-safpb-audit-ENTITY-ptr to address of ws-audit-entity
           set ws-safpb-audit-ENTITY-len to length of ws-audit-entity

           set ws-safpb-audit-LOGSTR-ptr to address of ws-audit-string
           set ws-safpb-audit-LOGSTR-len to length of ws-audit-string

           call 'SAFROUTE' using ws-safpb-parameter-block

           if ws-safpb-api-rc > 0
               *> Audit call failed
           end-if

           goback.
           
       end program testprog.