Q

How to detect or log all commands typed

Is there a way we can detect or log all the commands that were typed in on the command line of each user?

You just need to turn on command auditing. This is done on a profile-by-profile basis. Use the command CHGUSRAUD USRPRF(User Profile) AUDLVL(*CMD). This change takes effect immediately.

Commands will then be logged in the Audit Journal. If you don't currently have an Audit Journal, instructions for setting one up are here:
http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/df40a40809b551ab862565c2007d3259?OpenDocument&Highlight=2,audit,journal

Display the Audit Journal entries with Entry Type "CD" to view the commands. You can view these entries manually with the command DSPJRN JRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(CD) or you can display them to an outfile and run a query against it. Position 30 of the Entry specific data will have either a Y (indicating that the command was run from a CL program) or an N (indicating that the command was called from a command line or a menu option.)

For additional help with the Audit Journal, see Chapter 9 and Appendix F of the iSeries Security Reference, SC41-5302.
This was first published in May 2005
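
The position-30 check described in the answer, as an added example that is not part of the original answer: a parser that takes CD entries exported from an outfile and keeps only commands run from a command line or menu option. The rows are constructed, the function names are hypothetical, and the layout before position 30 (1-character entry type, 10-character command name, 10-character library, 8-character object type) is an assumption to verify against Appendix F.

```python
def esd(cmd, lib, from_cl, text, entry_type="C"):
    """Build constructed entry-specific data using the assumed field layout."""
    return f"{entry_type}{cmd:<10}{lib:<10}{'*CMD':<8}{from_cl}{text}"

# Constructed sample rows (user profile, timestamp, entry-specific data),
# standing in for an exported DSPJRN outfile. Not real journal data.
SAMPLE = [
    ("ALICE", "2005-05-02 09:14:07", esd("WRKACTJOB", "QSYS", "N", "WRKACTJOB")),
    ("ALICE", "2005-05-02 09:15:31",
     esd("CHGVAR", "QSYS", "Y", "CHGVAR VAR(&X) VALUE('1')")),
    ("BOB", "2005-05-02 10:02:44",
     esd("DLTF", "QSYS", "N", "DLTF FILE(TESTLIB/ORDERS)")),
    ("BOB", "2005-05-02 10:03:00", "C" + "short"),  # truncated row
]

CL_FLAG_POS = 30  # 1-based position of the Y/N flag, as given in the answer

def parse_cd(data):
    """Parse one CD entry; return None if the Y/N flag is missing or invalid."""
    if len(data) < CL_FLAG_POS:
        return None
    flag = data[CL_FLAG_POS - 1]
    if flag not in ("Y", "N"):
        return None
    return {
        "command": data[1:11].rstrip(),       # assumed offset
        "library": data[11:21].rstrip(),      # assumed offset
        "from_cl_program": flag == "Y",
        "command_string": data[CL_FLAG_POS:].rstrip(),
    }

def typed_commands(rows):
    """Split rows into commands typed interactively (flag N) and unparsed rows."""
    typed, rejected = [], []
    for user, ts, data in rows:
        entry = parse_cd(data)
        if entry is None:
            rejected.append((user, ts))  # keep for review, do not drop silently
        elif not entry["from_cl_program"]:
            typed.append((ts, user, entry["command_string"]))
    return typed, rejected

if __name__ == "__main__":
    typed, rejected = typed_commands(SAMPLE)
    for ts, user, cmd in typed:
        print(ts, user, cmd)
    print("unparsed rows:", rejected)
```

Rows that are too short or carry an unexpected flag value are returned separately so that a truncated export is noticed instead of quietly reducing the audit trail.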