|
The examples look for specific types (like AF etc.). This was a program stuck in a loop. I can see the entries using DSPJRN QAUDJRN and the receivers in question. I just don't know what they mean.
Code was J or T, Type was PR, LD, DO, CO.
Seems like Code T with Type LD DO CO was repeating very very quickly.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim Oberholtzer
Sent: Friday, April 29, 2022 4:55 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: QAUDJRN
It sounds like there is a problem somewhere. I’d just look at the last receiver using the examples in ACS to try and see what’s causing so many entries. Either that or the size is set way too small.
Jim Oberholtzer
Agile Technology Architects
On Apr 29, 2022, at 2:39 PM, Greg Wilburn <gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks Jim... I about to turn it off!
I had it on a week... created about 35 files.
Today alone it created files 0036 to 0282! Looking at QSYSOPR messages, at one point it was creating 1 a minute.
I've tried to look at the receivers using the tools in Run SQL Scripts examples, but I don't know if I'm seeing all of the entries.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim Oberholtzer
Sent: Thursday, April 28, 2022 10:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: QAUDJRN
First off, it's good you started auditing, it makes forensic investigations
so much easier (and possible). Once you're in a "normal" security
environment you are going to want to set the size of the journal
receiver so you keep a specific unit of time in it, a day, or a week before
it changes. Most of my customers prefer it daily. We have a job that runs
near midnight each night to change the journal so a new receiver is
started, and in the text it states what day the receiver is for.
As to clean up, what we do is have a special save that only gets the audit
receivers and appends to the tape, so you'll get many days (or months) on a
tape. Since Evault is doing your back up it's not a real tape, so much the
better. Then we only keep two weeks of receivers on the system since we
can get to history quite easily.
For reference the source members Greg refers to are located in
QMGTOOLS/QMGDBSQL source file. In DLTJRNRCV1 my only concern is the delete
option is set to *IGNINQMSG. That means you might remove receivers that
are not backed up. There is code there to check the save date if it's not
blank, but I prefer a bit more of a safety net on that. Not my first
choice unless you really intend for that to happen.
The second program appears to be an exit program that should be put on the
delete journal receiver command and all it does is force 5 days to elapse
before it allows the removal. Nice example for an exit but really does not
do that much.
--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects
On Thu, Apr 28, 2022 at 9:18 AM Greg Wilburn <--
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
So I have just recently enabled journaling (a week ago), and I already
have 33 journal receivers. There's an authority issue with Web Query that
is the main culprit.
In any case, I wanted to automate the cleanup of these files before they
get out of hand. I've located some CL source in QMGTOOLS for DLTJRNRCV1
and DLJRNRCV2. I was going to give one of those a try.
Our current saves (Evault) has daily, weekly and monthly retentions...
pretty sure we would have those saved for some time.
Any advice would be appreciated...
Greg
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.