× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On 19 Feb 2013 06:57, Sandeep Karadkar wrote:

... if I have copy Spool file from iSeries to my desktop, I want
to know is there is any log shows you that you copied some spool
from iSeries ?

Audit journal entry type T-SF in QAUDJRN with entry specific data for "Access Type"='A' might be useful [QAUDLVL with either or both of *SPLFDTA and *SYSMGT, I am not sure] according to:
http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarlf55.htm
_i SF (Action to Spooled File) journal entries i_
"This table provides the format of the SF (Action to Spooled File) journal entries.
Table 1. SF (Action to Spooled File) journal entries. QASYSFJE/J4/J5 Field Description File

Offset
JE J4 J5 Field Format Description
1 1 1 ...
156 224 610 Access Type Char(1) The type of entry
A - Spooled file read by
someone other than the
owner of the spooled file.
..."

There is also mention of a "Registered security exit program" as new to IBM i 7.1 which may or may not be useful. I did not look for a link to that, because the doc gave no registration name nor format name, and I have no access to a 7.1 system for which that information could be of interest.

BTW, the following link was found with a search of the InfoCenter on the tokens [spool file auditing cpysplf]; and so my having alluded to *SYSMGT is probably incorrect:
http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarle77.htm
_i Operations for Spooled Files i_
"This list describes the operations that you can perform against Spooled Files, and whether those operations are audited.
Note: Spooled file actions are audited if the action auditing (QAUDLVL) system value or the action auditing (AUDLVL) parameter in the user profile includes *SPLFDTA.

* Operations that are audited

Access
Each access by any user that is not the owner of the spooled file, including:
o CPYSPLF
o DSPSPLF
o SNDNETSPLF
o SNDTCPSPLF
o STRRMTWTR
o QSPOPNSP API
..."


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.