IMHO if you want to know what is happening on your system you need to turn on auditing.
It is quite easy to do too. Take a look at this:
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzarl/rzarlusesecjnl.htm
One very important thing to keep in mind... Security auditing can create a lot of audit entries on a busy system. You need to have enough disk space for the journal receivers generated and you need to actively manage them!
Kenneth
Kenneth E. Graap
http://www.linkedin.com/in/kennethgraap
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of James Lampert
Sent: Tuesday, September 06, 2011 9:27 AM
To: Midrange Systems Technical Discussion
Subject: Re: Monitoring IFS objects for deletion at V5R4
Graap, Kenneth wrote:
When a *STMF is deleted from the IFS, a " DO " type " A " entry is
deposited in the Audit Journal if you are auditing deletes
Interesting. The Audit Journal, rather than an ordinary journal applied to the IFS directory where the problem deletions are occurring?
On the customer box, I don't currently have the authority to even look at the audit journal.
On our box, the one where I've been running the experiments, we don't currently have an Audit Journal set up.
And at the moment, what I know about the Audit Journal, and 75 cents, might still get you a cup of coffee.
--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
midrange.com
