Audit Journal Entries AS/400

480 pts.
Tags:
AS/400
AS/400 journaling
audit journaling
Hi, I would like to trace the Audit entries for the event - *ATNEVT(IM) and *PGMADP(AP). I have included both auditing values in the CHGSECAUD command. Please suggest 1. In order to get those entries, what operation that I need to perfom? 2. And why this is missing in DSPAUDJRNE ** -- I have the Audit authority and system is under audit -- ** Thanks in advance

Software/Hardware used:
AS400

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Before doing anything with CHGSECAUD, you need to verify whether or not your system already has system auditing enabled. If auditing is enabled now, then you should not use CHGSECAUD until you fully understand what it does and how it does it.   2. And why this is missing in DSPAUDJRNE   It's missing simply because DSPAUDJRNE is available only for basic convenience. It is not a fully enabled security audit command, and IBM recommends not using it for serious audit work. It only shows the entries that it has been enabled to show. It doesn't get updated like "real" system commands. (You might be able to report it to IBM and get it enhanced.)   If you need to see actual audit journal entries, use the DSPJRN command.   Before there is useful comments for your first question, let us know if your system is already enabled for auditing.   Tom
    125,585 pointsBadges:
    report
  • as400dev
    I have the Audit authority and system is under audit
    480 pointsBadges:
    report
  • TomLiotta
    Then you shouldn't be using CHGSECAUD unless you are just beginning to set up auditing and you don't have it completed yet.   If your system has been running with audit enabled and it's been successfully placing valid entries into QAUDJRN and all of your processes are running as they should, use the QAUDLVL system value to add *ATNEVT and *PGMADP to the list. (Use the QAUDLVL2 system value support if necessary.)   The CHGSECAUD command can make significant changes that may make various functions work differently or block other functions. It creates an audit environment that can be relatively strict, and you should use it only to set an initial environment. After an initial environment is set, you would make detail changes using standard interfaces (e.g., system values) to allow anything that might have been blocked or to tune what the command did.   But if this isn't an initial environment, stay with fully IBM-supported interfaces. Make only the changes that are needed.   Tom
    125,585 pointsBadges:
    report
  • as400dev
    Thanks Tom, I have include both the events. My question is 1. What Steps I need to perform to have the Journal entries IM and AP. 
    480 pointsBadges:
    report
  • TomLiotta
    To get AP entries, the *PGMADP action can be added to QAUDLVL (or QAUDLVL2 if necessary). To get IM entries, see the Starting the intrusion detection system topic in the Information Center. (That's an i 6.1 link. If you run V5R4, the steps may be a little different.)   Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following