Commands will then be logged in the Audit Journal. If you don't currently have an Audit Journal, instructions for setting one up are here:
Display the Audit Journal entries with Entry Type "CD" to view the commands. You can view these entries manually with the command DSPJRN JRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(CD) or you can display them to an outfile and run a query against it. Position 30 of the Entry specific data will have either a Y (indicating that the command was run from a CL program) or an N (indicating that the command was called from a command line or a menu option.)
For additional help with the Audit Journal, see Chapter 9 and Appendix F of the iSeries Security Reference, SC41-5302.
This was first published in May 2005