I would like to know all the commands fired by all my users using command line, is it possible.?
I keep a track of all my users when they login and logout, i have very few interactive users on my system who use command line. I would like to know all the commands fired by all my users using command line, is it possible.? This is required from an audit perspective.
Software/Hardware used:
cl400, i750,as400,v6r1
Software/Hardware used:
cl400, i750,as400,v6r1
ASKED:
December 13, 2011 12:57 PM
UPDATED:
March 17, 2012 6:21 AM
Answer Wiki:
Yes, You can be able to get the Commands used by user through command line.
You will need to check the Job log of the User's Inteactive Job.
<pre>WRKUSRJOB USER(TESTUSR) JOBTYPE(*INTERACT) </pre>
This will contain the Interactive sessions of user 'TESTUSR' and select the Job, for which you will need to verify the commands processed by the user.
Pradeep.
To see all answers submitted to the Answer Wiki: View Answer History.
Pradeep,
What u have mentioned is for users who are currently logged in. Is it possible to get the list after the user has logged out.
Change your default for the SIGNOFF command to be *LIST
That will autmatically create a joblog for job
Yeah, You could find the Job as OUTQ if the user has logged off.
For getting the Joblog, you will need to provide *LIST for SIGNOFF parameter. So, that log will be automatically created when user logoff.
Pradeep.
To audit commands, use CHGUSRAUD USRPRF( myuser ) AUDLVL(*CMD). Audited commands will appear in the system audit journal as T/CD entries.
You’d normally audit users who have access to command lines.
You can’t limit the audit only to the “command line”. All commands will be audited, even if they are in compiled programs. You can, however, report only on command-line usage by reporting T/CD entries with the ‘Run from a CL program’ field value of “N”.
Tom