Q
Manage Learn to apply best practices and optimize your operations.

Tracking command-line access with the audit journal

ISeries expert Ken Graap explains how to use the audit journal to track command-line access in System i.

Is there a way to track command line access? For instance, who's using it and what commands they're entering?
Yes. Commands can be tracked through entries in the system audit journal.

First you need to activate security auditing:

1. In Operations Navigator, select the system you want to work with.
2. Expand Security Policies
3. Expand Security
4. Expand Audit Policy
5. Activate auditing (use HELP button for complete instructions)

Then you need to change the user profile attribute for the users you wish to track. This is done via the CHGUSRAUD:

CHGUSRAUD USRPRF(Usr_Prf) AUDLVL(*CMD)

To create a report showing all the commands entered by a particular user, use the following command:

  
   DSPAUDJRNE ENTTYP(CD) USRPRF(Usr_Prf) JRNRCV(*CURCHAIN) OUTPUT(*PRINT)
   
  

Good luck!

Dig Deeper on Data backup, storage and retrieval on iSeries

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Close