MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » December 2013

Re: QAUJRN - which audlvl creates entry types LD/ZC/ZR?



fixed

On 27-Nov-2013 13:07 -0800, fbocch2595@xxxxxxx wrote:

I've got 3 entry types that are causing me grief as far as disk
goes... since we have millions of these entries every month. My
question to you is what QAUDLVL generates the entry types LD/ZC/ZR?
I can certainly find the docs on the entry types but no mention of
which QAUDLVL generates them. I don't want to start changing the
QAUDLVL so I figured I'd ask you folks. I think it's *JOBDTA for
ZC/ZR, am I right about that? What about LD?


You could manage the journal environment and backup of receivers to alleviate the issues with disk storage; to possibly continue logging those entries.? WRKJRNA QSYS/QAUDJRN to review the settings.

The ZC and ZR have no relation to the *JOBDTA auditing value for QAUDLVL System Value. Look instead at the *OBJAUD auditing value for the QAUDCTL SysVal:

<http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarldspobjaud.htm>
IBM i 7.1 Information Center -> Security -> Security reference -> Auditing security on System i -> Using the security audit journal -> Planning security auditing
_i Planning the auditing of object access i_
"The i5/OS <ed: IBM i> operating system provides the ability to log accesses to an object in the security audit journal by using system values and the object auditing values for users and objects. This is called object auditing.

The QAUDCTL system value, the OBJAUD value for an object, and the OBJAUD value for a user profile work together to control object auditing. The OBJAUD value for the object and the OBJAUD value for the user who is using the object determine whether a specific access should be logged. The QAUDCTL system value starts and stops the object auditing function.

Table 1 shows how the OBJAUD values for the object and the user profile work together.

Table 1. How object and user auditing work together
+--------------+--------------------------------------------+
| OBJAUD value | _OBJAUD value for user_ |
| _for object_ | *NONE | *CHANGE | *ALL |
+-----------------------------+--------------+--------------+
|*NONE | None | None | None |
|*USRPRF | None | Change | Change + Use |
|*CHANGE | Change | Change | Change |
|*ALL | Change + Use | Change + Use | Change + Use |
+-----------------------------------------------------------+
..."

Therefore...

A T-ZC (Change of Object) audit log entry is logged for an object as a result of the object being /changed/ *if* the *OBJAUD special value was included in the QAUDCTL *and* the *ALL or *CHANGE special value was specified for the Object Auditing Value (OBJAUD) per a prior Change User Auditing (CHGUSRAUD) request *and* the specific object that was changed had the special value of either *CHANGE or *ALL specified for the Object Auditing Value (OBJAUD) via a prior Change Object Auditing (CHGOBJAUD) request.

A T-ZR (Read of Object) audit log entry is logged for an object as the result of an effective /read/ access [usage] of the object [for a command, used either directly or by proxy] *if* the *ALL special value was specified for the Object Auditing Value (OBJAUD) on the user profile per a prior Change User Auditing (CHGUSRAUD) request *and* the specific object that was used\read had the special value *USRPRF specified for the Object Auditing Value (OBJAUD) per a prior Change Object Auditing (CHGOBJAUD) request, *or* merely that the specific object that was used\read had the special value *ALL specified for the Object Auditing Value (OBJAUD) per a prior Change Object Auditing (CHGOBJAUD) request.

Note: for reference above to CHGOBJAUD, refer also to implicit settings established from the QCRTOBJAUD system value and the CRTOBJAUD value for libraries [and directories have similar; DLO have CHGDLOAUD]






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact