z/OS basic audit: launch DSMON and SETROPTS

A basic step on a z/OS and RACF audit is review a DSMON output.
The first is to create a JCL to launch DSMON and SUBMIT on a AUDITOR / SPECIAL user.

  //DSMON    JOB CLASS=A,MSGLEVEL=(1,1),MSGCLASS=A
  //********************************************************
  //* LAUNCH DSMON                                         *
  //********************************************************
  //* DATE:      ACTION:          NAME:                    *
  //* 2013/10/23 CREATE JCL       CAPI_X                   *
  //********************************************************
  //ICHDSM00 EXEC PGM=ICHDSM00
  //SYSUT2   DD SYSOUT=*
  //SYSPRINT DD SYSOUT=*
  //SYSIN    DD *

Once are finished we need the SYSUT2 output (TSO SDSF -> ST)

  SDSF STATUS DISPLAY ALL CLASSES                        LINE 1-40 (180)
  COMMAND INPUT ===>                                            SCROLL ===> PAGE
  NP   JOBNAME  JobID    Owner    Prty Queue      C  Pos  SAff  ASys Status
  ?    ICHDSM00 JOB00531 ADMSPUSR    1 PRINT      A

Using the XDC command we can create a new dataset and store the output on it. (XD*C* closes the file)

  SDSF JOB DATA SET DISPLAY - JOB ICHDSM00 (JOB00531)     DATA SET DISPLAYED
  COMMAND INPUT ===>                                            SCROLL ===> PAGE
  NP   DDNAME   StepName ProcStep DSID Owner    C Dest               Rec-Cnt Page
       JESMSGLG JES2                 2 ADMSPUSR A LOCAL                   16
       JESJCL   JES2                 3 ADMSPUSR A LOCAL                    8
       JESYSMSG JES2                 4 ADMSPUSR A LOCAL                   13
  XDC  SYSUT2   ICHDSM00           102 ADMSPUSR A LOCAL                  886
       SYSPRINT ICHDSM00           103 ADMSPUSR A LOCAL                   19

This is a example of the NEW dataset options (NOTE: Change the Record format to FB to have newline chars)

                              SDSF Open Print Data Set
  COMMAND INPUT ===>                                            SCROLL ===> PAGE

  Data set name  ===> ADMSPUSR.OUT.DSMON
  Member to use  ===>
  Disposition    ===> NEW        (OLD, NEW, SHR, MOD)

  If the data set is to be created, specify the following.
  Volume serial will be used to locate existing data sets if specified.

  Management class     ===>           (Blank for default management class)
  Storage class        ===>           (Blank for default storage class)
    Volume serial      ===>           (Blank for authorized default volume)
    Device type        ===>           (Generic unit or device address)
  Data class           ===>           (Blank for default data class)
    Space units        ===> BLKS      (BLKS, TRKS, CYLS, BY, KB, or MB)
    Primary quantity   ===> 500       (In above units)
    Secondary quantity ===> 500       (In above units)
    Directory blocks   ===>           (Zero for sequential data set)
    Record format      ===> FB
    Record length      ===> 240
    Block size         ===> 3120

To get the SETROPTS LIST output you can use this JCL to run TSO commands and get your output.

  //SETROPTS JOB (CAPI),'TSO SR EXAMPLE',CLASS=A,MSGCLASS=X,
  //             MSGLEVEL=(1,1),NOTIFY=&SYSUID
  //********************************************************
  //* LIST SETROPTS OPTIONS                                *
  //********************************************************
  //* DATE:      ACTION:          NAME:                    *
  //* 2013/10/23 CREATE JCL       CAPI_X                   *
  //********************************************************
  //STEP01   EXEC PGM=IKJEFT01
  //SYSTSPRT DD SYSOUT=*
  //SYSPRINT DD SYSOUT=*
  //SORTMSG  DD SYSOUT=*
  //SYSOUT   DD SYSOUT=*
  //OUTPUT   DD SYSOUT=*
  //LISTOUT  DD SYSOUT=*
  //SYSTSIN  DD *
    SETROPTS LIST
  /*

Now you can repeat the last SDSF commands.
Once all are done we can download the DSMON and SETROPTS datasets and analyze it.

  ftp> ASCII
  200 Representation type is Ascii NonPrint
  ftp> GET OUT.DSMON
  200 Port request OK.
  125 Sending data set ADMSPUSR.OUT.DSMON
  250 Transfer completed successfully.
  ftp> GET OUT.SETROPTS
  200 Port request OK.
  125 Sending data set ADMSPUSR.OUT.SETROPTS
  250 Transfer completed successfully.