RE: RE: Audit Logging
Chemker
I am using audit journal, primarily for authority failures, object owner
changes, and creation/deletion of certain objects (mostly user profiles).
Here is what I have configured for this:
*****************************************************
System value . . . . . : QAUDLVL
Description . . . . . : Security auditing level
Auditing Auditing
options options
*AUTFAIL
*SECURITY
*CREATE
*PGMADP
*****************************************************
System value . . . . . : QAUDCTL
Description . . . . . : Auditing control
Auditing
control
*AUDLVL
*NOQTEMP
(*NOQTEMP) is set so I do not audit objects created, etc.
in QTEMP lib of each job. JDE creates several objects
for each signon.
*****************************************************
On system values: QAUDENDACN & QAUDFRCLVL, I have the
default value setup.
I don't recall if I had to create the receivers and
journals (QAUDJRN) or if the system did that. I would
suggest creating them yourself first, and let the system
general journal receivers in its default numbering scheme.
I then use the DSPAUDJRNE commands for data to review, (I
do this weekly).
DSPAUDJRNE ENTTYP(AF) JRNRCV(*CURCHAIN) FROMTIME(&FMDT
030000) TOTIME(&TODT 025900)
This command prints authority failures (type AF) for a
period of time.
Chemker ONE NOTE!!! Watch your journal receivers and the
size of disk space used. These audit journals can really
chew up disk space!!!
Chuck Bower
VP of IS
Coachmen Industries, Inc.
A73C8