We are using the system command SNDDST to send e-mails with attachments to recipients. Is there any auditing available so that we may view who is sending what, and to whom?
Yes, there is. In fact this solution provides information for any command, whose usage you want to monitor. If you turn on object auditing for the SNDDST or any other command, the audit journal entry provides the command string that the user entered. To turn on auditing for a command, run: CHGOBJAUD OBJ(SNDDST) OBJTYPE(*CMD) OBJAUD(*ALL)
Then you'll have to make sure the object auditing is enabled for the system. To do that, run: DSPSYSVAL QAUDCTL - Make sure the value, *OBJAUD, is in the list. If not, add it.
To display the audit journal entries, you can either use the Display Audit Journal Entry (DSPAUDJRNE) command, looking for 'CD' entries, or a third-party auditing package, such as PowerLock SecurityAudit.
The Best Web Links: tips, tutorials and more.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.