|
I agree that you should be seeing those 'Y' entries. Based on the "Where
run" shown by me and Mark Waterbury at
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_
73/rzarl/rzarlf10.htm
You may wish to open a Service Request on that.
IDK if TRCJOB would work for you.
I'm not sure why you are doing this. Is this something which may be
addressed by the new 7.3
<snip>
What's new for IBM i 7.3
Read about new or significantly changed information for the Security
reference topic collection.
A new capability that is called Authority Collection has been added to the
base operating system. This
support assists the security administrator and application provider in
securing the objects in an
application with the lowest level of authority that is required to allow
the application to run successfully. The goal of authority collection is
to increase the security of the objects within the application. New CL
commands, Start Authority Collection (STRAUTCOL), End Authority Collection
(ENDAUTCOL), and
Delete Authority Collection (DLTAUTCOL), and a new SQL view,
QSYS2.AUTHORITY_COLLECTION,
are provided in support of this new enhancement
</snip>
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_
73/rzarl/sc415302.pdf?view=kc
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Gord Hutchinson <gordm1@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 03/28/2017 02:28 PM
Subject: Re: Auditing Program Calls
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Yes, I read your entire reply. And I apologize if my response was
unclear. I left out one key word in my first sentence. You are correct,
I
want a list of what programs and objects were called by this user. I
would
rather not change the auditing for all the programs and commands on the
system. The amount of logging will be huge.
My question was why the CD shows a program being called from a command
line
but not if the program is called from within another program. The 'Where
Run' in the CD entry tells me (if I read it right) where the program was
called. It doesn't tell me why a CD isn't written. I would expect one to
be written with a 'Y' in the Where Run field.
Gord
On Tue, Mar 28, 2017 at 1:02 PM, Rob Berendt <rob@xxxxxxxxx> wrote:
But, in the long reply did you notice that I showed you a way to see ifa
set of programs were called?records
Perhaps you did but were concentrating instead on why using the CD
weren't working?all.
You are the one who made comments on that you didn't want to see source.
This led me to believe that you didn't read the rest of it.
I went through some effort to show you how, exactly, I got those entries
to display. I used bare minimum source and showed you it solely so that
you could see both CALLs being logged.
And what do I hear but
<snip>
I do not really care what programs or commands were. The point is not
what was called but the fact that something was called. I want a report
of all programs and commands called. Including system commands.
</snip>
This is highly confusing. For example should this
I do not really care what programs or commands were.
be
I do not really care what <the> programs or commands were.
or
I do not really care what programs or commands were <called>.
and
<snip>
The point is not what was called but the fact that something was called.
</snip>
Are you asking for a list which shows
CALL ...
CALL ...
CALL ...
CALL ...
CALL ...
and literally just the three dots?
And then you say
<snip>
I want a report of all programs and commands called.
</snip>
I showed you how to do that by using CHGOBJAUD to turn on auditing for
those programs and commands.
And how to read it by using CPYAUDJRNE for the ZR audit types.
And, what do I get in return?
<snip>
I do not really care...
</snip>
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Gord Hutchinson <gordm1@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 03/28/2017 12:20 PM
Subject: Re: Auditing Program Calls
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I appreciate your help Rob but your snide remarks are not helpful at
<midrange-l@xxxxxxxxxxxx>
On Tue, Mar 28, 2017 at 12:04 PM, Rob Berendt <rob@xxxxxxxxx> wrote:
Ok, I realize I had several characters in there. Let me cut it down.thing
<snip>
I want a report of all programs and commands called. Including system
commands.
</snip>
To get such a list requires that you start object auditing on every
you want in the list. See CHGOBJAUD.suggest
Then you have to get the appropriate entries. See CPYAUDJRNE. I
doing the *ALL once. This helped me limit it down to the ZR entries.someone
If you just want one particular step, like all the stack used when
executes a particular program, then you could try TRCJOB.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Gord Hutchinson <gordm1@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion
callsDate: 03/28/2017 11:50 AMall
Subject: Re: Auditing Program Calls
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I do not really care what programs or commands were. The point is not
what
was called but the fact that something was called. I want a report of
programs and commands called. Including system commands.<midrange-l@xxxxxxxxxxxx>
On Tue, Mar 28, 2017 at 11:24 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
ZR (Read of Object) journal entries
Let me step through this
GORD1
PGM
CALL GORD2
SNDMSG MSG(GORD1) TOUSR(*REQUESTER)
ENDPGM
GORD2
PGM
SNDMSG MSG(GORD2) TOUSR(*REQUESTER)
ENDPGM
CHGOBJAUD OBJ(ROB/GORD*) OBJTYPE(*PGM) OBJAUD(*ALL)
CALL GORD1
QSYS/CPYAUDJRNE ENTTYP(ZR)
FROMTIME(032817 1113)
TOTIME(032817 1116)
WRKF QTEMP/QAUDIT*
QAUDITZR
RUNQRY QRYFILE(QTEMP/QAUDITZR)
Object Library Object
name name type
GORD1 ROB *PGM
GORD2 ROB *PGM
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Gord Hutchinson <gordm1@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion
writeDate: 03/28/2017 10:58 AMcalled
Subject: Re: Auditing Program Calls
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I did RTM! A CD is written to the audit journal when a program is
from a command line.
The same command string when executed within a CL program does NOT
the CD entry.<midrange-l@xxxxxxxxxxxx>
On Tue, Mar 28, 2017 at 10:52 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
RTM
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/
rzaki/rzakijournalfinderall2.htm
A CD entry is "change was made for a command string".
Try CHGOBJAUD
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Gord Hutchinson <gordm1@xxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion
Date: 03/28/2017 10:39 AM
Subject: Auditing Program Calls
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I've been trying to report on the commands and programs a user
question.on
our
7.1 systems. *CMD auditing is turned on for the users in
nofor
When a program is called from the command line I see the CD entry
seethe
CALL in QAUDJRN. If that program calls a second program, I do not
a
commandsecond CD entry. If the program calls a command, the CD for the
is
QAUDJRN.
i.e. CALL PGMA writes a CD entry for the call.
If PGMA does a call to PGMB and then calls cmd DSPSYSSTS there is
mailingCDmailing
entry for the call of PGMB but there is one for DSPSYSSTS.
Is this expected behaviour or am I missing a setting somewhere?
Thanks,
Gord
--
Gord Hutchinson
TST Overland Express
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
affiliatelist
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
mailinglink: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
affiliatelist
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
link: http://amzn.to/2dEadiD
--
Gord Hutchinson
TST Overland Express
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
affiliatelist
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
mailinglink: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
affiliatelist
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
listlistlink: http://amzn.to/2dEadiD
--
Gord Hutchinson
TST Overland Express
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
Gord Hutchinson
TST Overland Express
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
Gord Hutchinson
TST Overland Express
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.