Monitoring QSECOFR What's the best practice in tracking activity QSECOFR has on V4 OS/400s, and is it different on V5 OS/400 systems?
The best way to monitor QSECOFR is through the audit journal. You could run queries to find any objects created or deleted (*CREATE and *DELETE must be specified in the QAUDLVL system value to generate these) by QSECOFR. You can also monitor all of the CL commands this profile enters by running the Change User Auditing (CHGUSRAUD) specifying *CMD for the User action auditing parameter. A couple of other activities that you might find useful are the invalid sign on attempts for the QSECOFR profile -- *SECURITY must be specified in the QAUDLVL parameter to log this activity –- and the programs and service programs that adopt QSECOFR. You can find these by running the Display Program Adopt (DSPPGMADP) command. These techniques can be used on either V4 or V5 systems.
Dig Deeper on iSeries system performance and monitoring
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ...
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ...
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.