how to display a QSECOFR log

285 pts.
Tags:
AS/400
Hi, I just want to know how can i display the logs of QSECOFR. How to display the Audit Journal Reciever wherein i can read all those command that QSECOFR did.

Thanks,



Software/Hardware used:
as400

Answer Wiki

Thanks. We'll let you know when a new response is added.

If the QSECOFR is active you can go to WRKACTJOB and take option 5 against QSECOFR and then take optin 10 and press F10 to see all the commands done by him.

If he is not active then you can do WRKUSRJOB and F4 and give QSECOFR in USER parameter and then you can take option 5 (wrk wuth job) against the desired job.

—————————————————————————————————

The above only gives you the job log for the active job.

If you are looking for security audit information it is a bit more involved.

First of all you need *AUDIT authority. Then you need to set up and start auditing.

GO SECTOOLS – Use the option to Change Security Auditing if you are not doing auditing now. See the Help on the option for detailed information, but in general you will need the QUADCTL value set for *AUDLVL and then the Auditing values set for what you want to check for. This option will start security auditing if it is not already running.

Then, to check the audit log, use either the DSPAUDJRNE command or the CPYAUDJRNE command. One of these will be available from the SECTOOLS menu – based on what O/S you are running. The Display command runs the entries out to a spooledfile or the screen. The Copy command generates one or more files based on what journal entries you are looking for. Either command allows you to filter based on a User Profile.

If you are not running security auditing now and you turn it on, just be aware that it can generate quite a bit of data in the audit journal receivers.

Regards
Mike

_________________________________________

Remember to clean up your audit journal receivers as they can potentially take up alot of DASD. You can specify the name and library of the jrnrcv on the last screen of CHGSECAUD.

————————————————————————-

As to allowing users to view *ALLOBJ users’ joblogs without giving a user additional rights you could also look in the Function Usage commands.

GO CMDFCNUSG

Peter

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Yorkshireman
    Unless you are yourself a SECOFR, then it's unlikely you can view the joblog. i5 is choosy about who can see anything they are not authorised to. Perhaps you need a quiet room and produce a 'security policy' to state who can see what, and who should have what level of authority - between users, technical staff, and geeks.
    5,580 pointsBadges:
    report
  • pdraebel
    The WRKFCNUSG can be used to allow a user with *JOBCTL to view the joblog of *ALLOBJ users. The Function is QIBM_ACCESS_ALLOBJ_JOBLOG.
    3,230 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following