how to display a QSECOFR log ?

Posted on 2007-03-28
Last Modified: 2013-12-06
I want to display a QSECOFR log on AS400
Question by:jimlo1
LVL 32

Expert Comment

ID: 18814747
What do you want to know about the QSECOFR?

Essentially, you need to create the auditing journal, turn auditing on (system values QAUDLVL and QAUDCTL), and define what QSECOFR activities/actions you want to log.

Then, you should decide what level of detail you want to show on your audit reports.
You may have to modify the auditing attributes of QSECOFR to get everything you want, and possibly of other system or application objects.

If you must know what qsecofr did this morning, but auditing is not turned on, then you have a problem.


Author Comment

ID: 18830924
PLease give me procedure ? Thank
LVL 27

Accepted Solution

tliotta earned 500 total points
ID: 18848016

It's not totally clear what you want to do. However, assuming that Shalom was on target --

  ==>  crtjrnrcv  somelib/AUDRCV
  ==>  crtjrn        QSYS/QAUDJRN  jrnrcv( somelib/AUDRCV )
  ==>  chgsysval  QAUDCTL  value( *AUDLVL )
  ==>  chgsysval  QAUDLVL  value( *CREATE *DELETE ... )
  ==>  chgusraud QSECOFR  objaud( *ALL )  audlvl( *CREATE *DELETE ... )
  ==>  crtjobd     somelib/SECOFR  log( 4 0 *SECLVL )
  ==>  chgusrprf  QSECOFR  jobd( somelib/SECOFR )

That's a general sequence that you might take.

First, create a journal receiver. It should be in some library that has no more authority than *USE. I suppose many people create it in QSYS. After a receiver is created, create the QAUDJRN journal in QSYS. You'll have to decide what parameters to supply for management; different sites have different policies. Attach the receiver when you create the journal.

Start activating system auditing by pointing the QAUDCTL system value to the QAUDLVL system value. The current value is *NONE if auditing isn't active. Once you change its value to *AUDLVL, the system will begin auditing according to what's listed in the QAUDLVL system value, so set the list there according to what auditing you want the system to do in general. Since this can generate a whole bunch of audit entries, you'll have to decide what to put in the list. The [help] for the system value gives a general idea of what each item does. Keep in mind that this list is for _system wide_ auditing.

With security auditing active, you can set QSECOFR for auditing at the user level. (This is info about just one user profile -- QSECOFR. Repeat this for any profile you want to audit if you don't do it system wide.) Use the OBJAUD() parameter to tell if you want info audited about objects that are handled by QSECOFR. Use the AUDLVL() parameter to tell if you want info audited about actions taken by QSECOFR.

Additional "logging" can be done. For example, you could create a special job description for QSECOFR and set full job logging on with it. Once a job description exists, you would then attach it to QSECOFR with CHGUSRPRF.

Those steps would give you a fair chance at logging QSECOFR activity. Other things can be done, but as I said, it's not clear exactly what you want yet.

Generally, it should result in very few log entries overall because QSECOFR should not be used for anything except at IBM's direction. That shouldn't happen much more then approximately once per quarter if you apply PTFs that often. You would also use QSECOFR to set up initial configurations and authorities on brand new systems. After that, there's no point in risking damage to the profile. A different profile should be made available for any work needing to be done.


Expert Comment

ID: 18882123
If you are simply looking for the equivalent of, for example, the Windows event log that shows you general system activity you can use the DSPLOG command.  Type DSPLOG at the command prompt, press F4 and then fill in the date range that you would like to inspect.   Additionall, you can also use DSPMSG QSYSOPR to display general "System Operator" messages.  

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now