MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » December 2013

Re: QAUJRN - which audlvl creates entry types LD/ZC/ZR?




On 06-Dec-2013 13:08 -0800, CRPence wrote:
On 27-Nov-2013 13:07 -0800, fbocch2595@xxxxxxx wrote:

I've got 3 entry types that are causing me grief as far as disk
goes... since we have millions of these entries every month. My
question to you is what QAUDLVL generates the entry types
LD/ZC/ZR? I can certainly find the docs on the entry types but no
mention of which QAUDLVL generates them. I don't want to start
changing the QAUDLVL so I figured I'd ask you folks. I think it's
*JOBDTA for ZC/ZR, am I right about that? What about LD?


You could manage the journal environment and backup of receivers to
alleviate the issues with disk storage; to possibly continue logging
those entries.? WRKJRNA QSYS/QAUDJRN to review the settings.

The ZC and ZR have no relation to the *JOBDTA auditing value for
QAUDLVL System Value. Look instead at the *OBJAUD auditing value for
the QAUDCTL SysVal:

Somehow I pasted the wrong link, albeit with the correct navigation shown. The correct[ed] link follows; the incorrect link was snipped.

<http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarlaudobj.htm>
IBM i 7.1 Information Center -> Security -> Security reference ->
Auditing security on System i -> Using the security audit journal ->
Planning security auditing
_Planning the auditing of object access_
"The i5/OS <ed: IBM i> operating system provides the ability to log
accesses to an object in the security audit journal by using system
values and the object auditing values for users and objects. This is
called object auditing.

The QAUDCTL system value, the OBJAUD value for an object, and the
OBJAUD value for a user profile work together to control object
auditing. The OBJAUD value for the object and the OBJAUD value for
the user who is using the object determine whether a specific access
should be logged. The QAUDCTL system value starts and stops the
object auditing function.

Table 1 shows how the OBJAUD values for the object and the user
profile work together.

Table 1. How object and user auditing work together
+--------------+--------------------------------------------+
| OBJAUD value |          _OBJAUD value for user_           |
| _for object_ | *NONE        | *CHANGE      | *ALL         |
+--------------+--------------+--------------+--------------+
| *NONE        | None         | None         | None         |
| *USRPRF      | None         | Change       | Change + Use |
| *CHANGE      | Change       | Change       | Change       |
| *ALL         | Change + Use | Change + Use | Change + Use |
+--------------+--------------+--------------+--------------+
..."

Therefore...

A T-ZC (Change of Object) audit log entry is logged for an object as
a result of the object being /changed/ *if* the *OBJAUD special value
was included in the QAUDCTL *and* the *ALL or *CHANGE special value
was specified for the Object Auditing Value (OBJAUD) per a prior
Change User Auditing (CHGUSRAUD) request *and* the specific object
that was changed had the special value of either *CHANGE or *ALL
specified for the Object Auditing Value (OBJAUD) via a prior Change
Object Auditing (CHGOBJAUD) request.

A T-ZR (Read of Object) audit log entry is logged for an object as
the result of an effective /read/ access [usage] of the object [for
a command, used either directly or by proxy] *if* the *ALL special
value was specified for the Object Auditing Value (OBJAUD) on the
user profile per a prior Change User Auditing (CHGUSRAUD) request
*and* the specific object that was used\read had the special value
*USRPRF specified for the Object Auditing Value (OBJAUD) per a prior
Change Object Auditing (CHGOBJAUD) request, *or* merely that the
specific object that was used\read had the special value *ALL
specified for the Object Auditing Value (OBJAUD) per a prior Change
Object Auditing (CHGOBJAUD) request.

Note: for reference above to CHGOBJAUD, refer also to implicit
settings established from the QCRTOBJAUD system value and the
CRTOBJAUD value for libraries [and directories have similar; DLO have
CHGDLOAUD]
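
Added example, not part of the original message or of IBM's documentation: a small model of Table 1 as quoted above plus the QAUDCTL gate, used to find which audit settings can produce T-ZR entries across an inventory. The object names, user names and function names are constructed for illustration; mapping "Change" to T-ZC and "Use" to T-ZR follows the entry descriptions in the message.

```python
# Added example. Table 1 as quoted above; "Change" is mapped to T-ZC and
# "Use" to T-ZR, following the entry descriptions in the message.
ZC, ZC_ZR, NONE = frozenset({"ZC"}), frozenset({"ZC", "ZR"}), frozenset()

# TABLE_1[object OBJAUD][user OBJAUD] -> entry types that can be logged
TABLE_1 = {
    "*NONE":   {"*NONE": NONE,  "*CHANGE": NONE,  "*ALL": NONE},
    "*USRPRF": {"*NONE": NONE,  "*CHANGE": ZC,    "*ALL": ZC_ZR},
    "*CHANGE": {"*NONE": ZC,    "*CHANGE": ZC,    "*ALL": ZC},
    "*ALL":    {"*NONE": ZC_ZR, "*CHANGE": ZC_ZR, "*ALL": ZC_ZR},
}

def entries_logged(qaudctl, obj_aud, usr_aud):
    """Entry types an access can log for this object/user combination."""
    if "*OBJAUD" not in qaudctl:  # QAUDCTL starts and stops object auditing
        return NONE
    return TABLE_1[obj_aud][usr_aud]

def zr_sources(qaudctl, objects, users):
    """Map each object that can log T-ZR to the setting responsible."""
    report = {}
    for obj, obj_aud in sorted(objects.items()):
        readers = sorted(u for u, usr_aud in users.items()
                         if "ZR" in entries_logged(qaudctl, obj_aud, usr_aud))
        if obj_aud == "*ALL" and "*OBJAUD" in qaudctl:
            # Object-level *ALL logs reads regardless of the user's value.
            report[obj] = "object OBJAUD(*ALL): reads by any user"
        elif readers:
            report[obj] = ("object OBJAUD(*USRPRF), user OBJAUD(*ALL): "
                           + ", ".join(readers))
    return report

# Constructed sample inventory (hypothetical object and user names).
SAMPLE_QAUDCTL = {"*AUDLVL", "*OBJAUD"}
SAMPLE_OBJECTS = {"PAYLIB/PAYROLL": "*ALL", "APPLIB/ORDERS": "*USRPRF",
                  "APPLIB/CONFIG": "*CHANGE", "APPLIB/SCRATCH": "*NONE"}
SAMPLE_USERS = {"BATCHUSR": "*ALL", "CLERK1": "*CHANGE", "GUEST": "*NONE"}

if __name__ == "__main__":
    found = zr_sources(SAMPLE_QAUDCTL, SAMPLE_OBJECTS, SAMPLE_USERS)
    for obj, cause in found.items():
        print(f"{obj}: {cause}")
```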






