× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2000

RE: auditing commands

First of All is the users tagged as Limited Users.  Then only the commands
you specify to allow Limited users will be available to them.  

Then you could also look at these commands and see if you can intercept them
with another program that sends  you a message.

Marie Graziano

 -----Original Message-----
From:   MacWheel99@aol.com [mailto:MacWheel99@aol.com] 
Sent:   Tuesday, July 25, 2000 3:10 PM
To:     MIDRANGE-L@midrange.com
Subject:        Re: auditing commands

>  From:    sallen@fellowes.com (Allen, Stu)
>  
>  I have a requirement to audit particular OS400 commands - across all
users.
> 
>  Is there any simple way to do this?
>  I know i can audit every command that a user enters, but within our ERP
>  system (JBA) this picks up loads of commands run by the JBA programs
>  themselves.  Plus this would mean an audit journal for every command that
>  every user enters - i neither need nor want that level of detail.
>  
>  Any ideas?
>  
>  Regards,
>  Stuart
>                                                               
>  Stuart Allen
>  European Systems Analyst,  Fellowes
>  mailto:sallen@fellowes.com

We are on BPCS which is a similar deal ... if you do WRKACTJOB or whatever 
what you see is the BPCSMENU program into which tons of things are nested
... 
you can dig down into the stack & see the actual program the user is
running, 
but it is messy & not easy for end users to work with & also there are 
security issues letting end users into this kind of stuff.

http://www.precosis.com.au/piu1.htm is shareware of PROGRAMS IN USE that 
solves this problem ... it puts data into the old S/36 format similar to the

ASNA upgrade where in a single command you could get a chart of user names &

what programs they running in which the names of the programs are those that

are familiar to the end users ... really great when some operation needs to 
be done with no one else updating the same kind of files, but SNDMSG (we use

the API that sends same message to a cluster of users ... the GO ASSIST one 
moved to end user menus) does not cut it when people have walked away from 
their work station in the middle of an update.  And of course someone who 
knows CL can embed a command line command into a user menu.  I have told 
BPCS-L about this several times ... someone else might like to tell 
JBAUSERS-L & MAPICS-L. & OPENERP400.

http://www.precosis.com.au/rv1.htm REMOTE VIEW is an improved version of 
PROGRAMS IN USE for MIS ... often when we need to shut down for backup or 
other dedicated tasks, there are folks who went home for the evening leaving

their sessions signed on in the middle of some program in which cancelling 
their work is not in the best interests of the data base integrity, but what

can you do ... well you can get this share ware & transmit F3 F12 to the 
program so as to gracefully exit it.  This is a brand new variant that
BPCS-L 
does not yet know about & I dare say other ERP groups with similar
interests.

I do not have either of these products yet at Central but they are on my
wish 
list because I recognize their value.

Several years ago, I had a requirement to do auditing of who was updating or

accessing certain key files that management considered to be extremely 
confidential and critical & I used security settings to accomplish this ... 
there was a way on the old S/36 to log all hits on files of our choice &
this 
went to a file from which there was a report for management listing who 
accessed the file when using what program or DFU or operating system command

& of course it was 99.999 % users through legitimate programs doing their 
regular work & the 0.001 % violators that management really needed to see 
were totally buried in the mass of data.

If I was going to be doing that today, I now know enough to substring
exclude 
on the basis of legitimate programs & summary total user names by day or 
other criteria, but I have not studied OS/400 security from the perspective 
of doing this kind of thing.

You might also look at the JBA architecture to see if there is a logical
hook 
where it might be possible to do a one place modification to capture this 
info.  In BPCS when a user takes a program option from BPCSMENU it goes 
through a security program to find out if this person is authorized to run 
ORD500 or INV900 or BOM200 or whatever the program is ... a person on BPCS 
could modify the security program to send a piece of data to a history file 
... name of person name of BPCS program ... of course JBA might not have any

comparable hook & this kind of thinking does not catch the folks who are 
doing things inside the library list but outside the package from the
command 
line & we have added to our BPCS package with menu options that do not go 
through the security ... for reasons of implementation productivity ... I
can 
add a new query report in 10 minutes if I skip all the standard frills.

I recognize that these tools & ideas are not precisely what you are looking 
for, but perhaps they will start you down the path & may be worth
considering 
on their own merits.

Al Macintyre  (c)¿(c)
MIS Manager Programmer & Computer Janitor of BPCS 405 CD Rel-02 running on 
AS/400 V4R3 http://www.cen-elec.com Central Industries of Indiana--->Quality

manufacturer of wire harnesses and electrical sub-assemblies

Y2K is not the end of my universe, but a re-boot of that old Chinese curse.
The road to success is always under construction.
Accept that some days you are the pigeon and some days the statue.
Murphy's Mom brought wrong baby home from hospital so it should be Kelly's 
Law.
When in doubt, read the documentation, assuming you can find it.
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.