|
You might try WRKJOB QZSCSRVS Although you may have to look in a bunch to find the right one. On our system, the job log shows user and IP address. Or DSPLOG MSGID(CPIAD12) for the time period in question. HTH > Chuck Bower wrote: > > Help! > > I have a user (lets call her XXXXX) who has the following logged into > the QHST log: > > Additional Message > Information > > > Message ID . . . . . . : CPIAD0B Severity . . . . . . . : > 00 > Message type . . . . . : > Information > Date sent . . . . . . : 01/13/01 Time sent . . . . . . : > 19:02:54 > > > Message . . . . : *SIGNON server job 243473/QUSER/QZSOSIGN > processing > request for user XXXXX on 01/13/01 19:02:54 in subsystem QUSRWRK in > QSYS. > Cause . . . . . : The *SIGNON server is processing request 1 for > user > XXXXX. The types of requests supported are as > follows: > 1 -- Retrieve Signon > Information > 2 -- Change > Password > 3 -- Generate Authentication > Token > > Now, it happens I was speaking with user XXXXX at a party at just the > time this message occurred. I have been trying to find out where this > request came from. I cannot find an IP address from this message, nor > can I located anything else in the log that would indicate the origin > of the request. > > The next day (yesterday), the same message occurred, followed by an > automatic disabling of the user's profile. I do not care, of course, > that the profile was disabled, (I know why it was disabled, too many > incorrect signon attempts-because of my system value settings). What > is WANT TO KNOW IS, WHERE THE HECK IS THE IP ADDRESS!!! > > Because without that, I cannot track down the perpetrator that may be > attempting to break into the system with XXXXX's authority. (which is > quite significant). > > I am even running the system auditing journal. When I look at > password failures, the device name associated with the device for the > journal entry is "COMMUNICATIONS DEVICE". Uh, yeah! > > Anybody's help would be GREATLY appreciated... > > Chuck +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.