There is a much easier way to analyze audit journal entries other than going through the hassle of creating a library,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
PF and then an SQL.
The best way to do this efficiently is to display your audit journal to an output file and then query the file.
Execute a DSPJRN command and prompt it. The journal is QAUDJRN in QSYS. The starting journal receiver is either *current (current journal receiver being written to) or *curchain (all of the journal receivers on the system attached to the QAUDJRN. (WRKJRNA QAUDJRN will display this).
Enter in the starting date and time if using *curchain and the ending date and time. Enter in the journal entry type (example: CP for changed passwords) and output = *outfile. Enter in the name of an empty file in QGPL or your own library.
NOTE: Journal entry types can be found on pages 228 - 234 in the OS/400 Security Reference. The object auditing value must be turned on in order to cut audit journal records for a particular journal entry type.
Query the newly written to file.
If you want very detailed audit journal records, use the same procedure as above but use type 2 records.
In order to use type2 records, go to the OS/400 Security Reference, pages 471 - 525. Find the journal entry type you are looking for. IBM has empty files on the system for type2 records. These files should have a CRTDUPOBJ (create duplicate object), data *no executed on them. These files are formatted for type2 audit journal records. On page 481, you'll see that type2 record for audit journal entry type CP is QASYCPJE / QSYS. Create a duplicate of this called something like AUDJRNCP2 / QGPL.
Run your type2 DSPJRN to this outfile. Write a query against the records in this file.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Ask the Experts yourself: Our systems management gurus are waiting to answer your technical questions.