[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


how to display a QSECOFR log ?

Posted on 2007-03-28
Medium Priority
Last Modified: 2013-12-06
I want to display a QSECOFR log on AS400
Question by:jimlo1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 33

Expert Comment

ID: 18814747
What do you want to know about the QSECOFR?

Essentially, you need to create the auditing journal, turn auditing on (system values QAUDLVL and QAUDCTL), and define what QSECOFR activities/actions you want to log.

Then, you should decide what level of detail you want to show on your audit reports.
You may have to modify the auditing attributes of QSECOFR to get everything you want, and possibly of other system or application objects.

If you must know what qsecofr did this morning, but auditing is not turned on, then you have a problem.


Author Comment

ID: 18830924
PLease give me procedure ? Thank
LVL 27

Accepted Solution

tliotta earned 1500 total points
ID: 18848016

It's not totally clear what you want to do. However, assuming that Shalom was on target --

  ==>  crtjrnrcv  somelib/AUDRCV
  ==>  crtjrn        QSYS/QAUDJRN  jrnrcv( somelib/AUDRCV )
  ==>  chgsysval  QAUDCTL  value( *AUDLVL )
  ==>  chgsysval  QAUDLVL  value( *CREATE *DELETE ... )
  ==>  chgusraud QSECOFR  objaud( *ALL )  audlvl( *CREATE *DELETE ... )
  ==>  crtjobd     somelib/SECOFR  log( 4 0 *SECLVL )
  ==>  chgusrprf  QSECOFR  jobd( somelib/SECOFR )

That's a general sequence that you might take.

First, create a journal receiver. It should be in some library that has no more authority than *USE. I suppose many people create it in QSYS. After a receiver is created, create the QAUDJRN journal in QSYS. You'll have to decide what parameters to supply for management; different sites have different policies. Attach the receiver when you create the journal.

Start activating system auditing by pointing the QAUDCTL system value to the QAUDLVL system value. The current value is *NONE if auditing isn't active. Once you change its value to *AUDLVL, the system will begin auditing according to what's listed in the QAUDLVL system value, so set the list there according to what auditing you want the system to do in general. Since this can generate a whole bunch of audit entries, you'll have to decide what to put in the list. The [help] for the system value gives a general idea of what each item does. Keep in mind that this list is for _system wide_ auditing.

With security auditing active, you can set QSECOFR for auditing at the user level. (This is info about just one user profile -- QSECOFR. Repeat this for any profile you want to audit if you don't do it system wide.) Use the OBJAUD() parameter to tell if you want info audited about objects that are handled by QSECOFR. Use the AUDLVL() parameter to tell if you want info audited about actions taken by QSECOFR.

Additional "logging" can be done. For example, you could create a special job description for QSECOFR and set full job logging on with it. Once a job description exists, you would then attach it to QSECOFR with CHGUSRPRF.

Those steps would give you a fair chance at logging QSECOFR activity. Other things can be done, but as I said, it's not clear exactly what you want yet.

Generally, it should result in very few log entries overall because QSECOFR should not be used for anything except at IBM's direction. That shouldn't happen much more then approximately once per quarter if you apply PTFs that often. You would also use QSECOFR to set up initial configurations and authorities on brand new systems. After that, there's no point in risking damage to the profile. A different profile should be made available for any work needing to be done.


Expert Comment

ID: 18882123
If you are simply looking for the equivalent of, for example, the Windows event log that shows you general system activity you can use the DSPLOG command.  Type DSPLOG at the command prompt, press F4 and then fill in the date range that you would like to inspect.   Additionall, you can also use DSPMSG QSYSOPR to display general "System Operator" messages.  

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question