• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2103
  • Last Modified:

how to display a QSECOFR log ?

I want to display a QSECOFR log on AS400
1 Solution
What do you want to know about the QSECOFR?

Essentially, you need to create the auditing journal, turn auditing on (system values QAUDLVL and QAUDCTL), and define what QSECOFR activities/actions you want to log.

Then, you should decide what level of detail you want to show on your audit reports.
You may have to modify the auditing attributes of QSECOFR to get everything you want, and possibly of other system or application objects.

If you must know what qsecofr did this morning, but auditing is not turned on, then you have a problem.

jimlo1Author Commented:
PLease give me procedure ? Thank

It's not totally clear what you want to do. However, assuming that Shalom was on target --

  ==>  crtjrnrcv  somelib/AUDRCV
  ==>  crtjrn        QSYS/QAUDJRN  jrnrcv( somelib/AUDRCV )
  ==>  chgsysval  QAUDCTL  value( *AUDLVL )
  ==>  chgsysval  QAUDLVL  value( *CREATE *DELETE ... )
  ==>  chgusraud QSECOFR  objaud( *ALL )  audlvl( *CREATE *DELETE ... )
  ==>  crtjobd     somelib/SECOFR  log( 4 0 *SECLVL )
  ==>  chgusrprf  QSECOFR  jobd( somelib/SECOFR )

That's a general sequence that you might take.

First, create a journal receiver. It should be in some library that has no more authority than *USE. I suppose many people create it in QSYS. After a receiver is created, create the QAUDJRN journal in QSYS. You'll have to decide what parameters to supply for management; different sites have different policies. Attach the receiver when you create the journal.

Start activating system auditing by pointing the QAUDCTL system value to the QAUDLVL system value. The current value is *NONE if auditing isn't active. Once you change its value to *AUDLVL, the system will begin auditing according to what's listed in the QAUDLVL system value, so set the list there according to what auditing you want the system to do in general. Since this can generate a whole bunch of audit entries, you'll have to decide what to put in the list. The [help] for the system value gives a general idea of what each item does. Keep in mind that this list is for _system wide_ auditing.

With security auditing active, you can set QSECOFR for auditing at the user level. (This is info about just one user profile -- QSECOFR. Repeat this for any profile you want to audit if you don't do it system wide.) Use the OBJAUD() parameter to tell if you want info audited about objects that are handled by QSECOFR. Use the AUDLVL() parameter to tell if you want info audited about actions taken by QSECOFR.

Additional "logging" can be done. For example, you could create a special job description for QSECOFR and set full job logging on with it. Once a job description exists, you would then attach it to QSECOFR with CHGUSRPRF.

Those steps would give you a fair chance at logging QSECOFR activity. Other things can be done, but as I said, it's not clear exactly what you want yet.

Generally, it should result in very few log entries overall because QSECOFR should not be used for anything except at IBM's direction. That shouldn't happen much more then approximately once per quarter if you apply PTFs that often. You would also use QSECOFR to set up initial configurations and authorities on brand new systems. After that, there's no point in risking damage to the profile. A different profile should be made available for any work needing to be done.

If you are simply looking for the equivalent of, for example, the Windows event log that shows you general system activity you can use the DSPLOG command.  Type DSPLOG at the command prompt, press F4 and then fill in the date range that you would like to inspect.   Additionall, you can also use DSPMSG QSYSOPR to display general "System Operator" messages.  
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Tackle projects and never again get stuck behind a technical roadblock.
Join Now