Manage Learn to apply best practices and optimize your operations.

Audit journal monitoring of *ALLOBJ profiles

System i security expert Carol Woodbury discusses why QHST is not a reliable source for *ALLOBJ profile monitoring, and explains why the i5/OS audit journal should be used instead.

I've been trying to monitor profiles with *ALLOBJ or above authority using QHST, because QSECOFR has the authority to delete audit logs. Are there any queries or easy methods to audit *ALLOBJ or above profiles besides manually going into QHST daily and searching the spooled report to find users who I know have *ALLOBJ access? This method is not showing accurate information consistently.
QHST is not a reliable source. It can be deleted or cleared. The only reliable source of this type of information is the i5/OS audit journal. While entire receivers can be deleted, individual entries cannot. Even if QSECOFR was to delete an entire receiver, they are in sequence so you could tell if a receiver was missing and go look for the corresponding audit journal entry that documents the deletion.

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.