Well, I just copied a table from Word that contains the Audit Events that exist, and the ones that we have chosen to track. This is based on Carol Woodbury and Patrick Botz's book, "Expert's Guide to OS/400 & i5/OS Security". Unfortunately, all the formatting dropped out, but you should still be able to make out the items we are currently auditing. They will be the ones with the "X" on the right.

| Audit Events | Audit Values | Currently Audited |
|---|---|---|
| Authority failure events | *AUTFAIL | X |
| Object create operations | *CREATE | X |
| Object delete operations | *DELETE | X |
| Actions that affect a job | *JOBDTA | |
| APPN filtering violations | *NETCMN | |
| Object move and rename operations | *OBJMGT | |
| Office mail actions and system distribution directory changes | *OFCSRV | |
| Optical functions | *OPTICAL | |
| Use of adopted authority | *PGMADP | |
| Integrity violations | *PGMFAIL | |
| Print functions | *PRTDTA | |
| Restore operations | *SAVRST | X |
| Security tasks (*see below) | *SECURITY | X |
| Service tasks | *SERVICE | X |
| Spooled file operations | *SPLFDTA | |
| System Management tasks | *SYSMGT | |

In release V5R3 of the operating system, a large number of additional possible values have been added, letting us subset the types of security auditing performed.
For V5R3 and beyond, the "Security tasks" audit event will be as follows:

| Audit Events | Audit Values | Currently Audited |
|---|---|---|
| Security-related configuration is audited | *SECCFG | X |
| Use of directory service functions is audited | *SECDIRSRV | |
| Use of interprocess communications is audited | *SECIPC | |
| Events associated with Network Authentication Service ticket verification are audited | *SECNAS | |
| Runtime functions associated with changes of an object are audited | *SECRUN | X |
| Events associated with secure socket descriptors are audited | *SECSCKD | |
| Events associated with the use of user-profile verification events are audited | *SECVFY | |
| Events associated with use of validation-list object entries are audited | *SECLDL | |
| Basic network events are audited | *NETBAS | |
| Events associated with cluster or cluster resource group operations are audited | *NETCLU | |
| Events associated with network failures are audited | *NETFAIL | |
| Tasks associated with sockets are audited | *NETSCK | |

Hope it helps...

Dave

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of IGS Ang
Sent: Friday, August 04, 2006 1:19 AM
To: Midrange Systems Technical Discussion
Subject: Re: Disk 99% full, what to do?

Hello All,

I've just come back from the client's place and found the audit journal receiver is taking a large portion of it. I've cleared it and managed to clear about 100GB and now the DASD utilization is down to 65%.

Is it normal for the audit journal to take up so much space? I went in to check and found out that all the options are turned on. But the strange thing is why it started to grow tremendously for the past few days.

My client will have a close watch on the receiver and considered the case closed.

Thanks for everybody's help! =)

Regards,
Daniel
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].