how to display a QSECOFR log ?

Posted on 2007-03-28
Last Modified: 2013-12-06
I want to display a QSECOFR log on AS400
Question by:jimlo1
LVL 33

Expert Comment

ID: 18814747
What do you want to know about the QSECOFR?

Essentially, you need to create the auditing journal, turn auditing on (system values QAUDLVL and QAUDCTL), and define what QSECOFR activities/actions you want to log.

Then, you should decide what level of detail you want to show on your audit reports.
You may have to modify the auditing attributes of QSECOFR to get everything you want, and possibly of other system or application objects.

If you must know what qsecofr did this morning, but auditing is not turned on, then you have a problem.


Author Comment

ID: 18830924
PLease give me procedure ? Thank
LVL 27

Accepted Solution

tliotta earned 500 total points
ID: 18848016

It's not totally clear what you want to do. However, assuming that Shalom was on target --

  ==>  crtjrnrcv  somelib/AUDRCV
  ==>  crtjrn        QSYS/QAUDJRN  jrnrcv( somelib/AUDRCV )
  ==>  chgsysval  QAUDCTL  value( *AUDLVL )
  ==>  chgsysval  QAUDLVL  value( *CREATE *DELETE ... )
  ==>  chgusraud QSECOFR  objaud( *ALL )  audlvl( *CREATE *DELETE ... )
  ==>  crtjobd     somelib/SECOFR  log( 4 0 *SECLVL )
  ==>  chgusrprf  QSECOFR  jobd( somelib/SECOFR )

That's a general sequence that you might take.

First, create a journal receiver. It should be in some library that has no more authority than *USE. I suppose many people create it in QSYS. After a receiver is created, create the QAUDJRN journal in QSYS. You'll have to decide what parameters to supply for management; different sites have different policies. Attach the receiver when you create the journal.

Start activating system auditing by pointing the QAUDCTL system value to the QAUDLVL system value. The current value is *NONE if auditing isn't active. Once you change its value to *AUDLVL, the system will begin auditing according to what's listed in the QAUDLVL system value, so set the list there according to what auditing you want the system to do in general. Since this can generate a whole bunch of audit entries, you'll have to decide what to put in the list. The [help] for the system value gives a general idea of what each item does. Keep in mind that this list is for _system wide_ auditing.

With security auditing active, you can set QSECOFR for auditing at the user level. (This is info about just one user profile -- QSECOFR. Repeat this for any profile you want to audit if you don't do it system wide.) Use the OBJAUD() parameter to tell if you want info audited about objects that are handled by QSECOFR. Use the AUDLVL() parameter to tell if you want info audited about actions taken by QSECOFR.

Additional "logging" can be done. For example, you could create a special job description for QSECOFR and set full job logging on with it. Once a job description exists, you would then attach it to QSECOFR with CHGUSRPRF.

Those steps would give you a fair chance at logging QSECOFR activity. Other things can be done, but as I said, it's not clear exactly what you want yet.

Generally, it should result in very few log entries overall because QSECOFR should not be used for anything except at IBM's direction. That shouldn't happen much more then approximately once per quarter if you apply PTFs that often. You would also use QSECOFR to set up initial configurations and authorities on brand new systems. After that, there's no point in risking damage to the profile. A different profile should be made available for any work needing to be done.


Expert Comment

ID: 18882123
If you are simply looking for the equivalent of, for example, the Windows event log that shows you general system activity you can use the DSPLOG command.  Type DSPLOG at the command prompt, press F4 and then fill in the date range that you would like to inspect.   Additionall, you can also use DSPMSG QSYSOPR to display general "System Operator" messages.  

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 10 start menu disapperared 5 84
VMWare backup server? 24 122
windows 10 anniversary update -- download size ? 4 691
Windows 10 won't boot, just a black cursor.  Help. 6 91
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
A short film showing how OnPage and Connectwise integration works.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now