× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Thanks...

I already had that set... This RPG job creates text data on the IFS. Before doing that it tries to delete the object if existing.

When we went from the Power7+ to Power9 last year, we had issues with permissions & authority on most of our IFS objects & directories. I'm thinking I don't quite have all of those worked out yet.

I just don't understand why my pgm would have been stuck in a loop creating/deleting.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Marc Rauzier
Sent: Friday, April 29, 2022 5:26 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: QAUDJRN

Le 29/04/2022 à 23:03, Greg Wilburn a écrit :
The examples look for specific types (like AF etc.). This was a program stuck in a loop. I can see the entries using DSPJRN QAUDJRN and the receivers in question. I just don't know what they mean.

Code was J or T, Type was PR, LD, DO, CO.

Security Reference, Layout of audit journal entries is your friend

https://www.ibm.com/docs/en/i/7.4?topic=reference-layout-audit-journal-entries


Seems like Code T with Type LD DO CO was repeating very very quickly.

DO is for Delete Object, CO for Create object. You may want to set audit
value to include *NOQTEMP if a lot of objects here are related to QTEMP
library.

LD is related to Link/Unlink IFS directories.


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim Oberholtzer
Sent: Friday, April 29, 2022 4:55 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: QAUDJRN

It sounds like there is a problem somewhere. I’d just look at the last receiver using the examples in ACS to try and see what’s causing so many entries. Either that or the size is set way too small.

Jim Oberholtzer
Agile Technology Architects



On Apr 29, 2022, at 2:39 PM, Greg Wilburn <gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

Thanks Jim... I about to turn it off!

I had it on a week... created about 35 files.

Today alone it created files 0036 to 0282! Looking at QSYSOPR messages, at one point it was creating 1 a minute.

I've tried to look at the receivers using the tools in Run SQL Scripts examples, but I don't know if I'm seeing all of the entries.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim Oberholtzer
Sent: Thursday, April 28, 2022 10:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: QAUDJRN

First off, it's good you started auditing, it makes forensic investigations
so much easier (and possible). Once you're in a "normal" security
environment you are going to want to set the size of the journal
receiver so you keep a specific unit of time in it, a day, or a week before
it changes. Most of my customers prefer it daily. We have a job that runs
near midnight each night to change the journal so a new receiver is
started, and in the text it states what day the receiver is for.

As to clean up, what we do is have a special save that only gets the audit
receivers and appends to the tape, so you'll get many days (or months) on a
tape. Since Evault is doing your back up it's not a real tape, so much the
better. Then we only keep two weeks of receivers on the system since we
can get to history quite easily.

For reference the source members Greg refers to are located in
QMGTOOLS/QMGDBSQL source file. In DLTJRNRCV1 my only concern is the delete
option is set to *IGNINQMSG. That means you might remove receivers that
are not backed up. There is code there to check the save date if it's not
blank, but I prefer a bit more of a safety net on that. Not my first
choice unless you really intend for that to happen.

The second program appears to be an exit program that should be put on the
delete journal receiver command and all it does is force 5 days to elapse
before it allows the removal. Nice example for an exit but really does not
do that much.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Thu, Apr 28, 2022 at 9:18 AM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

So I have just recently enabled journaling (a week ago), and I already
have 33 journal receivers. There's an authority issue with Web Query that
is the main culprit.

In any case, I wanted to automate the cleanup of these files before they
get out of hand. I've located some CL source in QMGTOOLS for DLTJRNRCV1
and DLJRNRCV2. I was going to give one of those a try.
Our current saves (Evault) has daily, weekly and monthly retentions...
pretty sure we would have those saved for some time.

Any advice would be appreciated...

Greg


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.