Re: AS400 Audit trail question.




"Silenus paparias" <olympiada1964@xxxxxxxxx> wrote in message news:22a6e523-dc5b-4713-b60d-db861dffc43d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 9 Αύγ, 20:41, "Mike" <m...@xxxxxxxx> wrote:
"Silenus paparias" <olympiada1...@xxxxxxxxx> wrote in message

news:65b04a6c-3c3b-40d2-b49e-d7359e2a190c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 6 Áýã, 23:54, "Mike" <m...@xxxxxxxx> wrote:





"Silenus paparias" <olympiada1...@xxxxxxxxx> wrote in message

news:ebec8438-1303-4f31-bfa7-fa2746bd7870@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Hello.
|
| Momentaly the auditing on AS400, has following settings:
|
| QAUDCTL *AUDLVL
| QAUDLVL *SECURITY
|
| Which works very fine.
|
| I wont to record also the signon-time AND singoff time, of all
| users.
|
| Its is possibel?
|
| I had look on the others values of QAUDLVL but i can't find the
right
| one.
|
| v4r5
|
| Thanks.

You can use the job accounting journal for this information

You mean *JOBDTA ?

Also i need to include which user has startet which pgm, its possible?

thanks.

The job accounting journal is another journal, separate from the
security audit journal.
It does not automatically list all the different programs a user might
invoke during a single session.

If users have access to a command line they can run anything unless it
is locked down with security restrictions. If you force a standard
program or menu at sign on you can limit their options and you can
trigger a new job accounting entry as they navigate among their
options.

Mike Sicilian- Απόκρυψη κειμένου σε παράθεση -

- Εμφάνιση κειμένου σε παράθεση -

Hallo Mike.

All users are restricted through the Main program, so they can only
operate within Menus(no command lines etc).

THE POINT IS , to exclude for audit journal *JOBDTA to record the
jobs from predefined system users, like QUSER,QPGMR, QSPLJOB,QTCP
etc.
all this with Q****.

Is this possible?

thnaks.


Not to my knowledge. However, you can display any journal into a file and then use query or SQL to omit all records except those of interest. Alternately, you can use the receive journal entry command in a program and loop through all entries and use program logic to skip entries of no interest.

Mike




Relevant Pages

  • Re: AS400 Audit trail question.
    ... | I had look on the others values of QAUDLVL but i can't find the ... The job accounting journal is another journal, ... security audit journal. ... is locked down with security restrictions. ...
    (comp.sys.ibm.as400.misc)
  • Re: AS400 Audit trail question.
    ... | QAUDCTL *AUDLVL ... | I had look on the others values of QAUDLVL but i can't find the ... The job accounting journal is another journal, ... security audit journal. ...
    (comp.sys.ibm.as400.misc)
  • Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
    ... A security issue has been discovered in Knowledgeroot, which can be exploited by malicious people to bypass certain security restrictions. ... Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g upload files of certain types. ...
    (Bugtraq)
  • Re: AS400 Audit trail question.
    ... | QAUDCTL *AUDLVL ... | QAUDLVL *SECURITY ... | I had look on the others values of QAUDLVL but i can't find the ... I have tried the parameter *JOBDTA. ...
    (comp.sys.ibm.as400.misc)
  • Re: AS400 Audit trail question.
    ... | QAUDCTL *AUDLVL ... | QAUDLVL *SECURITY ... | I had look on the others values of QAUDLVL but i can't find the ...
    (comp.sys.ibm.as400.misc)