1.  Home
  2. MIDRANGE-L
  3. November 2008

Re: trapping source of invalid login attempts

This should give you what you're looking for. I put it in the job
scheduler and run it weekly and then query out what I want.

DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) ENTTYP(PW)
OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(QTEMP/QASYPWJ5).


rherdman@xxxxxxxxx 11/25/2008 9:02:13 AM >>>
Does any information like source IP, etc get logged in the system
security journals when a user attempts a login and fails? We have one
of our user profiles that is getting disabled every morning on one of
our partitions and we are having trouble tracking down who/what/where
these attempts are coming from.

All of our iSeries are behind our firewall and the account in question
has been used for program-to-program automation for many years
(interactive use is disabled), so we assume there is an older version of

a program out there trying to connect with an old password (which are
changed regularly).

Any suggestions?

Rich Herdman
Sysco

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.