Detecting system changes made by outside IP address

How can I get the User and IP of someone who is making changes to a file in the AS400 with an external program? For example, using the iSeries Navigator to make an SQL change to a table? I want to know how to obtain the user that logged in and their IP. I have a trigger to the table and I want to save a log for all those changes.
Your trigger program doesn't have access to the location information for an external SQL request. However, you could use an Exit Point Program to intercept a transaction as it is connecting to your system and extract the source IP address information. For example: We have an Exit Point Program that interrogates all SQL initialization requests…

When a user attempts to access our server via SQL, this program extracts the information and deposits an entry like this into the system audit journal: 

Object . . . . . . . :                   Library  . . . . . . :         

Member . . . . . . . :                                                  

Incomplete data  . . :   No              Minimized entry data :   *NONE 

Sequence . . . . . . :   4547878677                                     

Code . . . . . . . . :   U  - User generated entry                      

Type . . . . . . . . :   NA -                                           

            Entry specific data                                         

Column      *...+....1....+....2....+....3....+....4....+....5          

00001      'OB172.017.000.242TOCISIN   *SQL      INIT      DBS'         

00051      'ERVER  LNS081100011200014TOCISIN   *SQL'

The IP address 172.017.000.242 and the User ID TOCISIN is now available to us for reporting purposes.

Developing Exit Point Programs can be a very complicated process. In our case we purchased and installed a product that provides Exit Point Programs for all of the available Exit Points that IBM has defined for the iSeries. This package also includes reporting functionality so we can easily determine who is accessing what on our system.

You can also define rules within this application to decide who can and who cannot access the system. If you want to keep track of who is accessing your iSeries system from the network, you will want to take a look at some of these Exit Point monitoring products. A Google search of "iSeries Network Security" will list several options, including how to write your own Exit Point Programs…

This was first published in September 2008

Back to top