I would start with understanding how to extract information from QAUDJRN, here are couple links to help:

http://systeminetwork.com/article/extracting-information-qaudjrn
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/cl/cpyaudjrne.htm
http://systeminetwork.com/article/user-auditing-made-easier-addusraud-and-rmvusraud-commands

Now that you have your data, you can compare it to the values in Appendix F.

====================================================================

Appendix F of the Security Reference is the definitive guide to audit entries in QAUDJRN. If an entry isn't listed, you're using an out of date reference guide or IBM made a documentation error or you're processing entries that aren't audit entries (and probably shouldn't be processed.) And, come to think of it, an additional possibility is an entry type that was added by a PTF after the publication date of the reference guide. A PTF cover letter should indicate a location for documentation.

If IBM made a documentation error, report it to them. They might point you to additional documentation. (I'd be surprised if you found an entry that they haven't already covered.)

If you're using an older reference guide, download a current one.

If you're processing other entries (e.g., entries with journal codes other than 'T'), then you might be on your own.

What entry codes do you need help with? Or are they entries with entry code 'T' but that have entry types that you don't see in Appendix F?

Tom

Please complete the following information:

REGISTER / LOG-IN TO DISCUSS

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Submit your e-mail address below to continue

E-mail: 

E-mail: 

Handle:   

Password: 

Forgot Password?

Create Handle: 

Your handle identifies you in ITKnowledgeExchange. Max 30 char.

Create Password: 

Confirm Password: 

Yes, I agree to the IT Knowledge Exchange  Terms and Conditions.

hidden modal window