Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
How to audit addlible/rmvlible/chglibl actions
Is there any way to audit addlible/rmvlible/chglibl actions? We have a package that has at least two libraries for each application. With our changes library, that makes three. As users navigate between menus in the vendor's menu system (which adds and removes libraries based on menu profiles) sometimes a user will be without a resource when one should be there.
I looked through the journal entry descriptions in the audit journal, but I didn't see anything approaching this. Short of trying to modify the system commands so that a program writes the action to a log first, is there a way to capture this stuff?
I looked through the journal entry descriptions in the audit journal, but I didn't see anything approaching this. Short of trying to modify the system commands so that a program writes the action to a log first, is there a way to capture this stuff?
You can turn on command auditing. This is done on a profile-by-profile basis. Use the command CHGUSRAUD USRPRF(User Profile) AUDLVL(*CMD) This change takes effect immediately.
Commands will then be logged in the Audit Journal. If you don't currently have an Audit Journal, instructions for setting one up are here:
http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/df40a40809b551ab862565c2007d3259?OpenDocument&Highlight=2,audit,journal
Display the Audit Journal entries with Entry Type "CD" to view the commands. You can view these entries manually with the command DSPJRNJRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(CD) or you can display them to an outfile and run a query against it. You can quickly and easily find the ADDLIBLE/RMVLIBLE/CHGLIBL commands in the outfile using SQL:
Commands will then be logged in the Audit Journal. If you don't currently have an Audit Journal, instructions for setting one up are here:
http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/df40a40809b551ab862565c2007d3259?OpenDocument&Highlight=2,audit,journal
Display the Audit Journal entries with Entry Type "CD" to view the commands. You can view these entries manually with the command DSPJRNJRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(CD) or you can display them to an outfile and run a query against it. You can quickly and easily find the ADDLIBLE/RMVLIBLE/CHGLIBL commands in the outfile using SQL:
STRSQL then select * from Library/Outfile where JOESD like '%ADDLIBLE%' or JOESD like '%RMVLIBLE%' or JOESD like '%CHGLIBL%'For additional help with the Audit Journal, see Chapter 9 and Appendix F of the iSeries Security Reference, SC41-5302.
Start the conversation
0 comments