chemker
Well Known Member
How many JDE World users out there are using the AS/400 audit logging capabilities? How many don't know? How many have had the need to access the logs?
Thank you for your help.
Thank you for your help.
cbower
Active Member
Chemker
Are you talking about AS/400 journaling? Or use of JDE audit files, such as
F0101A? Or use of AS/400 audit journal functions (as setup in system values
QAUDCTL, QAUDLVL, etc.)?
Chuck Bower
VP of IS
Coachmen Industries, Inc.
A73C8
Are you talking about AS/400 journaling? Or use of JDE audit files, such as
F0101A? Or use of AS/400 audit journal functions (as setup in system values
QAUDCTL, QAUDLVL, etc.)?
Chuck Bower
VP of IS
Coachmen Industries, Inc.
A73C8
chemker
Well Known Member
Re: RE: Audit Logging
The AS/400 Aduit journal functions.
Thank you.
The AS/400 Aduit journal functions.
Thank you.
cbower
Active Member
RE: RE: Audit Logging
Chemker
I am using audit journal, primarily for authority failures, object owner
changes, and creation/deletion of certain objects (mostly user profiles).
Here is what I have configured for this:
*****************************************************
System value . . . . . : QAUDLVL
Description . . . . . : Security auditing level
Auditing Auditing
options options
*AUTFAIL
*SECURITY
*CREATE
*PGMADP
*****************************************************
System value . . . . . : QAUDCTL
Description . . . . . : Auditing control
Auditing
control
*AUDLVL
*NOQTEMP
(*NOQTEMP) is set so I do not audit objects created, etc.
in QTEMP lib of each job. JDE creates several objects
for each signon.
*****************************************************
On system values: QAUDENDACN & QAUDFRCLVL, I have the
default value setup.
I don't recall if I had to create the receivers and
journals (QAUDJRN) or if the system did that. I would
suggest creating them yourself first, and let the system
general journal receivers in its default numbering scheme.
I then use the DSPAUDJRNE commands for data to review, (I
do this weekly).
DSPAUDJRNE ENTTYP(AF) JRNRCV(*CURCHAIN) FROMTIME(&FMDT
030000) TOTIME(&TODT 025900)
This command prints authority failures (type AF) for a
period of time.
Chemker ONE NOTE!!! Watch your journal receivers and the
size of disk space used. These audit journals can really
chew up disk space!!!
Chuck Bower
VP of IS
Coachmen Industries, Inc.
A73C8
Chemker
I am using audit journal, primarily for authority failures, object owner
changes, and creation/deletion of certain objects (mostly user profiles).
Here is what I have configured for this:
*****************************************************
System value . . . . . : QAUDLVL
Description . . . . . : Security auditing level
Auditing Auditing
options options
*AUTFAIL
*SECURITY
*CREATE
*PGMADP
*****************************************************
System value . . . . . : QAUDCTL
Description . . . . . : Auditing control
Auditing
control
*AUDLVL
*NOQTEMP
(*NOQTEMP) is set so I do not audit objects created, etc.
in QTEMP lib of each job. JDE creates several objects
for each signon.
*****************************************************
On system values: QAUDENDACN & QAUDFRCLVL, I have the
default value setup.
I don't recall if I had to create the receivers and
journals (QAUDJRN) or if the system did that. I would
suggest creating them yourself first, and let the system
general journal receivers in its default numbering scheme.
I then use the DSPAUDJRNE commands for data to review, (I
do this weekly).
DSPAUDJRNE ENTTYP(AF) JRNRCV(*CURCHAIN) FROMTIME(&FMDT
030000) TOTIME(&TODT 025900)
This command prints authority failures (type AF) for a
period of time.
Chemker ONE NOTE!!! Watch your journal receivers and the
size of disk space used. These audit journals can really
chew up disk space!!!
Chuck Bower
VP of IS
Coachmen Industries, Inc.
A73C8
jean_driscoll
VIP Member
Re: RE: RE: Audit Logging
You can have the system manage the journal receivers by doing a CHGJRN JRN(QAUDJRN) MNGRCV(*SYSTEM) and making sure system cleanup is running.
To create the audit log use CHGSECAUD
All of this information is in the Security Reference found on the As/400 Information Center.
You can have the system manage the journal receivers by doing a CHGJRN JRN(QAUDJRN) MNGRCV(*SYSTEM) and making sure system cleanup is running.
To create the audit log use CHGSECAUD
All of this information is in the Security Reference found on the As/400 Information Center.
Similar threads
- BCampbell
- JD Edwards® EnterpriseOne Applications
- Frangie
- JD Edwards® Orchestrator
