Re: Object Auditing

[Pete Helgren <Pete@xxxxxxxxxx>]

Thanks Ed.  I'll take a look at the article (not sure what was wrong 
with your link, both IE and FireFox couldn't link to it, but I went to 
the site and found it there).

Thanks to the others who weighed in as well.

Pete

Ed Fishel wrote:

> Pete Helgren wrote on 05/12/2005 04:21:40 PM:
>
>  
>
> > I have a customer who has been reporting that a few files from a library
> > are being deleted "spontaneously".  They have been restoring from backup
> > but I am baffled as to how files could just "delete themselves", so I'd
> > like to audit the files in the library.  I found a reference to the
> > CHGOBJAUD and it looks like if I want to audit all the changes to all
> > the files (which I assume would include deleting the object) on a
> > library called MYLIB I would use the command as CHGOBJAUD
> > OBJ(MYLIB/*ALL)  OBJTYPE(*FILE)  OBJAUD(*CHANGE).
> >
> > It looks like I also have to change the system value QAUDCTL to *OBJAUD .
> >
> > Is this correct?  Will this accomplish what I want (find out who is
> > deleting the files)?  How to I access the information which the
> > infocenter says is "logged to the auditing journal QAUDJRN in QSYS".  I
> > have never worked with auditing or journals before.
> >    
>
> Assuming that security auditing is turned on then your solution should work
> for your customer.  If you are just interested in just seeing an audit
> record of all objects deleted in the system then set the QAUDLVL system
> value to *DELETE and the QAUTCTL system value to *AUDLVL. One way to do
> this, and also create the security audit journal, is to use the CHGSECAUD
> command.
>
> You can see more of my thoughts on auditing in the May issue of the iSeries
> edition of eServer Magazine. You can find it on-line here:
> http://www.eservercomputing.com/ME2/Audiences/Default.asp
>
> Ed Fishel,
> edfishel@xxxxxxxxxx
>
>