Successful logons can be a little more difficult because of the number of ways that logons can occur. In many sites, the vast majority of “logons” occur through server interfaces. The DATABASE server, the FILE server and other host servers might see the majority of “logons”.

Their mostly likely logged entry of interest would be a QAUDJRN T/JS entry with a subtype of ‘M’. The ‘Effective User Profile’ shows the server job changing to service the new profile that made the connection. You would usually be interested only in the entries that showed a difference between ‘Job User Name’ and the new ‘Effective User Profile’.

A T/JS entry can also be logged for telnet, if those are what you’re interested in. They will have a subtype of ‘S’ for the start of the job and ‘E’ for the end of the job. If the application that is accessed through telnet does any profile swaps, the ‘M’ subtype should show up for that job.

Profile swaps might be classified as ‘logons’ all by themselves. Each one of those is also explicitly logged in QAUDJRN with T/PS entries. Therefore you may see T/JS entries and T/PS entries for the same events if both types of auditing are enabled.

All of what you might find in QAUDJRN is dependent on the auditing options that are enabled. If audits aren’t enabled, then events won’t be logged. Use the various QAUD* system values to enable or disable auditing.

Tom