Q

Detecting copied files on the AS/400 using audit journals

Want to know if a user has copied a file from the AS/400? Use QUADJRN and look at ZC and ZR to detect changes and reads of the files.

How could I detect how, who and when if a database physical file was copied from the AS/400? Which logs could help find out?
If you had auditing enabled for the system and then object auditing turned on for a database file (i.e., had run CHGOBJAUD OBJ(YOURLIB/FILENAME) OBJTYPE(*FILE) OBJAUD(*ALL) on the file) you should be able to see a ZR (read of the file) or a ZC (change of the file) in the i5/OS audit journal QAUDJRN.
This was first published in December 2008

Dig deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchEnterpriseLinux

SearchDataCenter

Close