× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2006

RE: Audit Journal Entry


Object . . . . . . . :                   Library  . . . . . . :
Member . . . . . . . :
Incomplete data  . . :   No              Minimized entry data :   No
Sequence . . . . . . :   7315973
Code . . . . . . . . :   T  - Audit trail entry
Type . . . . . . . . :   GR - General purpose audit record

            Entry specific data
Column      *...+....1....+....2....+....3....+....4....+....5
00001      'FZRWU03              *CHKUSAGE                             '
00051      '
'
00101      '                             QIBM_QTMF_SERVER_REQ_'
00151      '3
'
00201      '
'
00251      '
'


Above is one of the detailed entries, I know it's from an FTP server job,
and I'm pretty sure there's some type of exit program helping to secure FTP
on this box.  The entries are occurring in the course of normal program
operations, so I don't want to stop the occurance of the events, but would
like to not record them as journal entries .

                                                                       
             "Gary Monnier"                                            
             <gary.monnier@pow                                       
             ertech.com>                                                To
             Sent by:                  "Midrange Systems Technical     
             midrange-l-bounce         Discussion"                     
             s@xxxxxxxxxxxx            <midrange-l@xxxxxxxxxxxx>   
                                                                        cc
                                                                       
             09/26/2006 04:51                                      Subject
             PM                        RE: Audit Journal Entry         
                                                                       
                                                                       
             Please respond to                                         
             Midrange Systems                                          
                 Technical                                             
                Discussion                                             
             <midrange-l@midra                                         
                 nge.com>                                            
                                                                       
                                                                       




Chad,

According to the security reference documentation GR entry codes relate
to actions taken against exit point entries when programs or functions
are modified/used in some manner.  From the list you supplied it cannot
be determined what the entries are for.

Display one of the entries using *TYPE4 and look at offset 224.  An
A,C,D or R means an exit point had its exit program setting touched. A C
appears to be related to MQSeries operations. An F pertains to function
alterations (see iSeries Navagator Application Administration for
details)

Offset 225 tells what action was performed - ZC=Change and ZR=Read.

Starting at offset 243 for 102 bytes you will see what action was
requested.

I know this doesn't directly answer your question on how to stop
generating them but it gives you a starting point.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
ChadB@xxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, September 26, 2006 7:08 AM
To: Midrange Systems Technical Discussion
Subject: Re: Audit Journal Entry



Bumping this in the hopes it will catch someone's eye that knows...



             ChadB@wheeling-ni

             sshin.com

             Sent by:
To
             midrange-l-bounce         midrange-l@xxxxxxxxxxxx

             s@xxxxxxxxxxxx
cc



Subject
             09/25/2006 03:30          Audit Journal Entry

             PM





             Please respond to

             Midrange Systems

                 Technical

                Discussion

             <midrange-l@midra

                 nge.com>











I'm trying to filter some of the items out of the security audit journal
that we are not interested in having a record of.  Does anyone know how
to prevent the specific type of entry listed below?

7314213   T     GR                           QTFTP00366  14:41:04
7314214   T     GR                           QTFTP00517  15:09:51
7314215   T     GR                           QTFTP00517  15:09:51
7314216   T     GR                           QTFTP00517  15:09:51
7314217   T     GR                           QTFTP00517  15:09:51
7314218   T     GR                           QTFTP00517  15:09:51
7314219   T     GR                           QTFTP00517  15:09:51


The manual says that it has to do with an exit program (which is used in
conjunction with FTP on our box).  I can't figure out which entries in
the QAUDLVL system value are causing these entries to be written.  We
currently have the following ones turned on:

 *AUTFAIL
 *SECCFG
 *SECDIRSRV
 *SECVLDL
 *SERVICE
 *SYSMGT
 *PGMADP
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


________________________________________________________________________
_____

Scanned by IBM Email Security Management Services powered by
MessageLabs. For more information please visit http://www.ers.ibm.com
________________________________________________________________________
_____


ForwardSourceID:NT00052CAA

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_____________________________________________________________________________

Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________


ForwardSourceID:NT0005371E

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.