Ask the Expert

How to detect or log all commands typed

Is there a way we can detect or log all the commands that were typed in on the command line of each user?
You just need to turn on command auditing. This is done on a profile-by-profile basis. Use the command CHGUSRAUD USRPRF(User Profile) AUDLVL(*CMD) This change takes effect immediately.

Commands will then be logged in the Audit Journal. If you don't currently have an Audit Journal, instructions for setting one up are here:
http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/df40a40809b551ab862565c2007d3259?OpenDocument&Highlight=2,audit,journal

Display the Audit Journal entries with Entry Type "CD" to view the commands. You can view these entries manually with the command DSPJRN JRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(CD) or you can display them to an outfile and run a query against it. Position 30 of the Entry specific data will have either a Y (indicating that the command was run from a CL program) or an N (indicating that the command was called from a command line or a menu option.)

For additional help with the Audit Journal, see Chapter 9 and Appendix F of the iSeries Security Reference, SC41-5302.

This was first published in May 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: