|
midrange.com
Object . . . . . . . : Library . . . . . . :
Member . . . . . . . :
Incomplete data . . : No Minimized entry data : No
Sequence . . . . . . : 7315973
Code . . . . . . . . : T - Audit trail entry
Type . . . . . . . . : GR - General purpose audit record
Entry specific data
Column *...+....1....+....2....+....3....+....4....+....5
00001 'FZRWU03 *CHKUSAGE '
00051 '
'
00101 ' QIBM_QTMF_SERVER_REQ_'
00151 '3
'
00201 '
'
00251 '
'
Above is one of the detailed entries, I know it's from an FTP server job,
and I'm pretty sure there's some type of exit program helping to secure FTP
on this box. The entries are occurring in the course of normal program
operations, so I don't want to stop the occurance of the events, but would
like to not record them as journal entries .
"Gary Monnier"
<gary.monnier@pow
ertech.com> To
Sent by: "Midrange Systems Technical
midrange-l-bounce Discussion"
s@xxxxxxxxxxxx <midrange-l@xxxxxxxxxxxx>
cc
09/26/2006 04:51 Subject
PM RE: Audit Journal Entry
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
Chad,
According to the security reference documentation GR entry codes relate
to actions taken against exit point entries when programs or functions
are modified/used in some manner. From the list you supplied it cannot
be determined what the entries are for.
Display one of the entries using *TYPE4 and look at offset 224. An
A,C,D or R means an exit point had its exit program setting touched. A C
appears to be related to MQSeries operations. An F pertains to function
alterations (see iSeries Navagator Application Administration for
details)
Offset 225 tells what action was performed - ZC=Change and ZR=Read.
Starting at offset 243 for 102 bytes you will see what action was
requested.
I know this doesn't directly answer your question on how to stop
generating them but it gives you a starting point.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
ChadB@xxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, September 26, 2006 7:08 AM
To: Midrange Systems Technical Discussion
Subject: Re: Audit Journal Entry
Bumping this in the hopes it will catch someone's eye that knows...
ChadB@wheeling-ni
sshin.com
Sent by:
To
midrange-l-bounce midrange-l@xxxxxxxxxxxx
s@xxxxxxxxxxxx
cc
Subject
09/25/2006 03:30 Audit Journal Entry
PM
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
I'm trying to filter some of the items out of the security audit journal
that we are not interested in having a record of. Does anyone know how
to prevent the specific type of entry listed below?
7314213 T GR QTFTP00366 14:41:04
7314214 T GR QTFTP00517 15:09:51
7314215 T GR QTFTP00517 15:09:51
7314216 T GR QTFTP00517 15:09:51
7314217 T GR QTFTP00517 15:09:51
7314218 T GR QTFTP00517 15:09:51
7314219 T GR QTFTP00517 15:09:51
The manual says that it has to do with an exit program (which is used in
conjunction with FTP on our box). I can't figure out which entries in
the QAUDLVL system value are causing these entries to be written. We
currently have the following ones turned on:
*AUTFAIL
*SECCFG
*SECDIRSRV
*SECVLDL
*SERVICE
*SYSMGT
*PGMADP
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
________________________________________________________________________
_____
Scanned by IBM Email Security Management Services powered by
MessageLabs. For more information please visit http://www.ers.ibm.com
________________________________________________________________________
_____
ForwardSourceID:NT00052CAA
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
ForwardSourceID:NT0005371E
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
