Here's an easy way to analyze audit journal entries.


There is a much easier way to analyze audit journal entries than going through the hassle of creating a library, PF and then an SQL.

The best way to do this efficiently is to display your audit journal to an output file and then query the file.

Execute a DSPJRN command and prompt it. The journal is QAUDJRN in QSYS. The starting journal receiver is either *current (the current journal receiver being written to) or *curchain (all of the journal receivers on the system attached to QAUDJRN; WRKJRNA QAUDJRN will display this).

Enter the starting date and time (if using *curchain) and the ending date and time. Enter the journal entry type (example: CP for changed passwords) and output = *outfile. Enter the name of an empty file in QGPL or your own library.

NOTE: Journal entry types can be found on pages 228 - 234 in the OS/400 Security Reference. The object auditing value must be turned on in order to cut audit journal records for a particular journal entry type.

Query the newly written file.

If you want very detailed audit journal records, use the same procedure as above but use type 2 records.

In order to use type 2 records, go to the OS/400 Security Reference, pages 471 - 525. Find the journal entry type you are looking for. IBM has empty files on the system for type 2 records. These files should have a CRTDUPOBJ (create duplicate object) with data *no executed on them. These files are formatted for type 2 audit journal records. On page 481, you'll see that the type 2 record file for audit journal entry type CP is QASYCPJE / QSYS. Create a duplicate of this called something like AUDJRNCP2 / QGPL.

Run your type2 DSPJRN to this outfile. Write a query against the records in this file.
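
The type 2 procedure above, written out as a CL program. This is an added example, not code from the original tip; the FROMTIME and TOTIME values are constructed placeholders in MM/DD/YYYY form and must match your job's date format.

```cl
/* Added example: extract CP (changed password) entries from QAUDJRN */
/* into a type 2 outfile and query it. Dates below are constructed.  */
PGM

  /* Create the outfile from IBM's model file QSYS/QASYCPJE only if  */
  /* it is not already there. CPF9801 = object not found.            */
  CHKOBJ     OBJ(QGPL/AUDJRNCP2) OBJTYPE(*FILE)
  MONMSG     MSGID(CPF9801) EXEC(DO)
    CRTDUPOBJ  OBJ(QASYCPJE) FROMLIB(QSYS) OBJTYPE(*FILE) +
                 TOLIB(QGPL) NEWOBJ(AUDJRNCP2) DATA(*NO)
  ENDDO

  /* Dump CP entries from every receiver in the chain. Journal code  */
  /* T is the audit trail code. *REPLACE clears rows from earlier    */
  /* runs so the query only sees this extract.                       */
  DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) +
               FROMTIME('11/01/2001' '00:00:00') +
               TOTIME('11/30/2001' '23:59:59') +
               JRNCDE((T)) ENTTYP(CP) +
               OUTPUT(*OUTFILE) OUTFILFMT(*TYPE2) +
               OUTFILE(QGPL/AUDJRNCP2) OUTMBR(*FIRST *REPLACE)

  /* CPF7062 = no entries matched the selection; nothing to query.   */
  MONMSG     MSGID(CPF7062) EXEC(DO)
    SNDPGMMSG  MSG('No CP audit entries found in the selected range.')
    RETURN
  ENDDO

  /* Ad hoc query over the extracted records.                        */
  RUNQRY     QRY(*NONE) QRYFILE((QGPL/AUDJRNCP2))

ENDPGM
```

For a different entry type, change ENTTYP and duplicate the matching model file listed in the Security Reference instead of QASYCPJE.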


This was last published in November 2001
