Q

Detecting copied files on the AS/400 using audit journals

Want to know if a user has copied a file from the AS/400? Use QUADJRN and look at ZC and ZR to detect changes and reads of the files.

How could I detect how, who and when if a database physical file was copied from the AS/400? Which logs could help find out?
If you had auditing enabled for the system and then object auditing turned on for a database file (i.e., had run CHGOBJAUD OBJ(YOURLIB/FILENAME) OBJTYPE(*FILE) OBJAUD(*ALL) on the file) you should be able to see a ZR (read of the file) or a ZC (change of the file) in the i5/OS audit journal QAUDJRN.
This was last published in December 2008

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchEnterpriseLinux

SearchDataCenter

Close