Here is a snippet of a CL(v5r3) I use when finding just such info:

CHKOBJ OBJ(QTEMP/QASYPWJ5) OBJTYPE(*FILE)
MONMSG MSGID(CPF9801) EXEC(CRTDUPOBJ OBJ(QASYPWJ5) +
FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(QTEMP))

DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) +
FROMTIME(&FDATE &FTIME) TOTIME(&TDATE +
&TTIME) JRNCDE((T)) ENTTYP(PW) +
OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) +
OUTFILE(QTEMP/QASYPWJ5)

If on V5r4+ you should be able to use the Copy Audit Journal Entries
(CPYAUDJRNE) command like:
QSYS/CPYAUDJRNE ENTTYP(PW) OUTFILE(QTEMP/AUDIT)

you should the have a AUDITPW file in qtemp you can query on.

All this is predicated on the QAUDLVL having *SECURITY being logged.

you can use DSPSECAUD to be sure.

Bryan



On 11/25/08, Rich Herdman <rherdman@xxxxxxxxx> wrote:
Does any information like source IP, etc get logged in the system
security journals when a user attempts a login and fails? We have one
of our user profiles that is getting disabled every morning on one of
our partitions and we are having trouble tracking down who/what/where
these attempts are coming from.

All of our iSeries are behind our firewall and the account in question
has been used for program-to-program automation for many years
(interactive use is disabled), so we assume there is an older version of
a program out there trying to connect with an old password (which are
changed regularly).

Any suggestions?

Rich Herdman
Sysco

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.