AS/400 Server: View spool file

Tags:
AS/400 audit
AS/400 security
AS/400 Security Data
AS/400 Spooled Files
Hi everyone: Please, is there anyway to know who viewed or accessed my spool file?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Assuming you’re auditing against *SPLFDTA, then T/SF entries should be written to QAUDJRN when spooled files are accessed. Review the <help> for system value QAUDLVL to see what *SPLFDTA audits. (And to see what other options audit.)

Of course, if auditing isn’t activated, then your system isn’t keeping track because its instructions tell it not to keep track. (That’s the default behavior.)

Tom

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Happydayforus2000
    Thanks Tom : I understand what you explained so can you tell me the way that I can view QAUDJRN contents or write it in a file or spool..... Please tell me the CL commands which can do that ...but my user is PGM ..........
    35 pointsBadges:
    report
  • TomLiotta
    @Happydayforus2000: The DSPJRN command is your most likely tool. First, it can be used to view T/SF audit entries. As for what parameters to give it, I can only make some basic suggestions. I have no info on how many entries are generated on your system over any period of time, no info on how your QAUDJRN receivers are defined or managed, and no info on the date/time of the events you might be interested in. A possible example:
    DSPJRN JRN(QAUDJRN)
           RCVRNG(*CURCHAIN)
           FROMTIME(110109 1330)
           JRNCDE((T))
           ENTTYP(SF)
    
    That should list the T/SF entries that are in the current chain of receivers if the entries were created from 13:30 on 11/01/2009 until now. You can also specify a ending date/time if you can pin down the time range better. Second, DSPJRN can populate a database file that can be queried:
    CRTDUPOBJ OBJ(QASYSFJ5)
              FROMLIB(QSYS)
              OBJTYPE(*FILE)
              TOLIB(QTEMP)
              NEWOBJ(TSF)
              DATA(*NO)
    DSPJRN JRN(QAUDJRN)
           RCVRNG(*CURCHAIN)
           FROMTIME(111309 1030)
           JRNCDE((T))
           ENTTYP(SF)
           OUTPUT(*OUTFILE)
           OUTFILFMT(*TYPE5)
           OUTFILE(QTEMP/TSF)
    
    The CRTDUPOBJ duplicates a system-supplied "model file" into your QTEMP library. The DSPJRN command displays the entries from 10:30 on 11/13/2009 and later into the file that you created. The model file has the sub-field definitions that would allow you to run a meaningful query against data you extract. (Do NOT trying putting data into the model file. Duplicate it and use the copy.) That's most of what I can help with in this case. My employer provides auditing software products for System i. You need to know that in order to keep your eyes open about anything I say and to understand why I can only go so far in giving away stuff that my boss prefers to sell. (Direct technical questions are fine.) Good luck. Tom
    125,585 pointsBadges:
    report
  • Happydayforus2000
    [...] Go here to see the original:  Auditing an AS/400 Server [...]
    0 pointsBadges:
    report
  • Happydayforus2000
    Thank You sooooo much Tom
    35 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following