I've been trying to monitor profiles with *ALLOBJ or above authority using QHST, because QSECOFR has the authority to delete audit logs. Are there any queries or easy methods to audit *ALLOBJ or above profiles besides manually going into QHST daily and searching the spooled report to find users who I know have *ALLOBJ access? This method is not showing accurate information consistently.
QHST is not a reliable source. It can be deleted or cleared. The only reliable source of this type of information is the i5/OS audit journal. While entire receivers can be deleted, individual entries cannot. Even if QSECOFR was to delete an entire receiver, they are in sequence so you could tell if a receiver was missing and go look for the corresponding audit journal entry that documents the deletion.
Dig Deeper on iSeries system and application security
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ...
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ...
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.