1.  Home
  2. MIDRANGE-L
  3. September 2011

Re: Monitoring IFS objects for deletion at V5R4

On 06-Sep-2011 16:14 , James Lampert wrote:
Interesting:

The system already has auditing turned on.

Being "on" as compared to specifically what level of auditing is activated may have different meaning\effect. Particularly for the given scenario, are both *DELETE in QAUDLVL [or QAUDLVL2] and *AUDLVL in QAUDCTL?

1. I don't have the authority to do a DSPAUDJRNE on the customer
box.

As I recall use of that command is deprecated; IIRC, specifically due to an inability to provide the complete IFS name in output. CPYAUDJRNE is recommended instead, or just using DSPJRN might suffice in some cases.

2. I can, however, do a DSPJRN there.

I created and deleted an object in the "IFS directory of interest."
If I then do
DSPJRN JRN(QAUDJRN) FROMTIME('09/06/2011' '17:00:01') ENTTYP(DO)

Close attention to the date\time of the retrieved entries may be important when RCVRNG(*CURCHAIN) is not utilized, since entries from a prior receiver may not appear in a date\time-based selection; i.e. the shipped-default is to search only the *CURRENT receiver.

I get a bunch of entries, but most of them are irrelevant, and I
find that without knowing the jobname, I would have to manually scan
all 280 entries to find the one I'm looking for.

Using OUTPUT() other than to the display often assists with only partial filtering on the command, to enable search\find activity on the report or OUTFILE() since the displayed entries are one-at-a-time oriented. However when the specific job name of the activity is known, the entries are easily enough pared directly using the JOB() parameter on the DSPJRN. There is also the USRPRF() parameter; e.g. as passed on the xxxAUDJRNE commands to the effective DSPJRN done by those utilities.

If I add OBJPATH(('/foo')) and SUBTREE(*ALL) parameters ("/foo" being
the most senior containing directory), I get "Maximum number of
objects exceeded." Ditto for OBJPATH(('/foo/bar')). But if I then do
OBJPATH(('/foo/bar/settings')), even though that is the directory
where I created and deleted an object, I get "No entries converted
or received from journal QAUDJRN."

Help?

Specifying the OBJPATH() [and SUBTREE()] would be about the same as specifying the FILE().? That conclusion seems to be supported by the error messages seen, for which the full list of objects in the named directory [and subtrees] would have to be processed. In the given scenario the attempt is to find audit entries, not journal entries for specific objects.

Regards, Chuck

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.