iSeries audit log protection
How are iSeries audit logs protected (e.g., who can access them? Can they be changed?)

ASKED: June 26, 2008  6:49 PM
UPDATED: November 3, 2009  11:48 PM

Answer Wiki:
Hi, which audit logs do you mean? Normally system logs on the AS/400 cannot be changed. Access is controlled by user authorities, but can be specifically granted or revoked. Regards, Martin Gilbert.
Last Wiki Answer Submitted:  June 27, 2008  9:24 am  by  Gilly400   23,625 pts.


Discuss This Question:

“Audit logs” should normally refer to journals (and their associated journal receivers). The most common would be the system audit journal, QAUDJRN, and database journals created by system users.

There are no interfaces exposed to programmers that allow changes to existing entries in any journal receiver. AFAIK, the interfaces that could cause a change to an entry, including removal of an entry but not including deletion of the receiver objects themselves, are not even surfaced above the virtual machine layer to the operating system itself.

So, although receivers and journals are objects that can be deleted when sufficient authority is granted, the entries are secure. Also, entries cannot be added into the receivers that can look like actual audit entries. A “forged” entry would have an entry code that identified it as a non-system entry.

(Someone who programs to the virtual machine level could circumvent system controls, but who would configure their system to allow that?)

Tom

 107,995 pts.
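
The checks this comment points to, as an added example that is not part of the original thread: a CL program that prints the authorities on QAUDJRN, lists entries with journal code U (user-sent entries, as opposed to the system's code T audit entries), and lists delete-operation (DO) audit entries so that a deleted receiver shows up. It assumes QAUDJRN is in QSYS, that the caller is authorized to the journal, and that the *DELETE audit level is active for DO entries to exist.

```cl
/* Added example (not from the thread): review access to the audit    */
/* journal and look for entries the system did not write.             */
/* Assumption: QAUDJRN is in QSYS and the caller may read it.         */
PGM

  /* 1. Who can access the journal object, and with what authority.   */
  DSPOBJAUT  OBJ(QSYS/QAUDJRN) OBJTYPE(*JRN) OUTPUT(*PRINT)

  /* 2. Entries sent by user programs carry journal code U; the       */
  /*    system's own audit entries carry journal code T.              */
  DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((U)) +
               OUTPUT(*PRINT)
  MONMSG     MSGID(CPF7062) /* no matching entries: nothing to list */

  /* 3. Delete-operation (DO) audit entries. Scan the listing for     */
  /*    object type *JRNRCV to spot deleted receivers. DO entries     */
  /*    are written only when the *DELETE audit level is active.      */
  DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) +
               ENTTYP(DO) OUTPUT(*PRINT)
  MONMSG     MSGID(CPF7062) /* no DO entries in the current chain   */

ENDPGM
```

RCVRNG(*CURCHAIN) only reaches back to the most recent break in the receiver chain, so entries held in a receiver that has since been deleted are not in the listing.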