× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2005

Re: Object Auditing

Thanks Ed. I'll take a look at the article (not sure what was wrong with your link, both IE and FireFox couldn't link to it, but I went to the site and found it there).

Thanks to the others who weighed in as well.

Pete

Ed Fishel wrote:

Pete Helgren wrote on 05/12/2005 04:21:40 PM:



I have a customer who has been reporting that a few files from a library
are being deleted "spontaneously".  They have been restoring from backup
but I am baffled as to how files could just "delete themselves", so I'd
like to audit the files in the library.  I found a reference to the
CHGOBJAUD and it looks like if I want to audit all the changes to all
the files (which I assume would include deleting the object) on a
library called MYLIB I would use the command as CHGOBJAUD
OBJ(MYLIB/*ALL)  OBJTYPE(*FILE)  OBJAUD(*CHANGE).

It looks like I also have to change the system value QAUDCTL to *OBJAUD .

Is this correct? Will this accomplish what I want (find out who is
deleting the files)? How to I access the information which the
infocenter says is "logged to the auditing journal QAUDJRN in QSYS". I
have never worked with auditing or journals before.



Assuming that security auditing is turned on then your solution should work
for your customer.  If you are just interested in just seeing an audit
record of all objects deleted in the system then set the QAUDLVL system
value to *DELETE and the QAUTCTL system value to *AUDLVL. One way to do
this, and also create the security audit journal, is to use the CHGSECAUD
command.

You can see more of my thoughts on auditing in the May issue of the iSeries
edition of eServer Magazine. You can find it on-line here:
http://www.eservercomputing.com/ME2/Audiences/Default.asp

Ed Fishel,
edfishel@xxxxxxxxxx




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.