1.  Home
  2. MIDRANGE-L
  3. December 1998

RE: Security. Level 40. Audit Journal

  • Subject: RE: Security. Level 40. Audit Journal
  • From: "Graap, Ken" <keg@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 22 Dec 1998 15:49:36 -0800
 
>Here's my stupid question:  How do I turn "ON" the audit journal?

Here it is.... Right out of the manual.... (
http://as400bks.rochester.ibm.com/bookmgr/v4r3eng.htm )


To set up security auditing, do the following steps. Setting up auditing
requires *AUDIT special authority. 


Create a journal receiver in a library of your choice by using the
Create Journal Receiver (CRTJRNRCV) command. This example uses a library
called JRNLIB for journal receivers. 

 |       CRTJRNRCV  JRNRCV(JRNLIB/AUDRCV0001) + 
 |                  THRESHOLD(100000) AUT(*EXCLUDE)   + 
 |                  TEXT('Auditing Journal Receiver') 




Place the journal receiver in a library that is saved regularly. 

Choose a journal receiver name that can be used to create a naming
convention for future journal receivers, such as AUDRCV0001. You can use
the *GEN option when you change journal receivers to continue the naming
convention. Using this type of naming convention is also useful if you
choose to have the system manage changing your journal receivers. 

Specify a receiver threshold appropriate to your system size and
activity. The size you choose should be based on the number of
transactions on your system and the number of actions you choose to
audit. If you use system change-journal management support, the journal
receiver threshold must be at least 5,000KB. For more information on
journal receiver threshold refer to the Backup and Recovery book. 

Specify *EXCLUDE on the AUT parameter to limit access to the information
stored in the journal. 



Create the QSYS/QAUDJRN journal by using the Create Journal (CRTJRN)
command: 

         CRTJRN  JRN(QSYS/QAUDJRN) + 
                 JRNRCV(JRNLIB/AUDRCV0001) + 
                 MNGRCV(*SYSTEM) DLTRCV(*NO) + 
                 AUT(*EXCLUDE) TEXT('Auditing Journal') 



The name QSYS/QAUDJRN must be used. 

Specify the name of the journal receiver you created in the previous
step. 

Specify *EXCLUDE on the AUT parameter to limit access to the information
stored in the journal. You must have authority to add objects to QSYS to
create the journal. 

Use the Manage receiver (MNGRCV) parameter to have the system change the
journal receiver and attach a new one when the attached receiver exceeds
the threshold specified when the journal receiver was created. If you
choose this option, you do not have to use the CHGJRN command to detach
receivers and create and attach new receivers manually. 

Do not have the system delete detached receivers. Specify DLTRCV(*NO),
which is the default. The QAUDJRN receivers are your security audit
trail. Ensure that they are adequately saved before deleting them from
the system. 


The Backup and Recovery book provides more information about working
with journals and journal receivers. 

Set the audit level (QAUDLVL) system value using the WRKSYSVAL command.
The QAUDLVL system value determines which actions are logged to the
audit journal for all users on the system. See "Planning the Auditing of
Actions" in topic 9.2.1.1. 

Set action auditing for individual users if necessary using the
CHGUSRAUD command. See "Planning the Auditing of Actions" in topic
9.2.1.1. 

Set object auditing for specific objects if necessary using the
CHGOBJAUD and CHGDLOAUD commands. See "Planning the Auditing of Object
Access" in topic 9.2.1.2. 

Set object auditing for specific users if necessary using the CHGUSRAUD
command. 

Set the QAUDENDACN system value to control what happens if the system
cannot access the audit journal. See "Audit End Action" in topic
9.2.1.3. 

Set the QAUDFRCLVL system value to control how often audit records are
written to auxiliary storage. See "Preventing Loss of Auditing
Information" in topic 9.2.1.3. 

Start auditing by setting the QAUDCTL system value to a value other than
*NONE. 


The QSYS/QAUDJRN journal must exist before you can change the QAUDCTL
system value to a value other than *NONE. When you start auditing, the
system attempts to write a record to the audit journal. If the attempt
is not successful, you receive a message and auditing does not start.
------------------------------------------------------------------------
--------
 

Kenneth

--
********************************
       Kenneth  E.  Graap
    IBM Certified Specialist
          AS/400   Professional 
          System  Administrator
 NW Natural - Information Services
           System Services
        503 226 4211 X5537
          FAX  503 721 2521
      keg@nwnatural.com
********************************


-----Original Message-----
From: Boyer, Barry [mailto:bboyer@gstleather.com]
Sent: Tuesday, December 22, 1998 2:52 PM
To: 'MIDRANGE-L@midrange.co'
Subject: Security. Level 40. Audit Journal



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.