


Well, I just copied a table from Word that contains the Audit Events
that exist, and the ones that we have chosen to track. This is based on
Carol Woodbury and Patrick Botz's book, "Expert's Guide to OS/400 &
i5/OS Security". 

Unfortunately, all the formatting dropped out, but you should still be
able to make out the items we are currently auditing. They will be the
ones with the "X" on the right.


Audit Events                                                    Audit Values   Currently Audited
--------------------------------------------------------------  -------------  -----------------
Authority failure events                                        *AUTFAIL       X
Object create operations                                        *CREATE        X
Object delete operations                                        *DELETE        X
Actions that affect a job                                       *JOBDTA
APPN filtering violations                                       *NETCMN
Object move and rename operations                               *OBJMGT
Office mail actions and system distribution directory changes   *OFCSRV
Optical functions                                               *OPTICAL
Use of adopted authority                                        *PGMADP
Integrity violations                                            *PGMFAIL
Print functions                                                 *PRTDTA
Restore operations                                              *SAVRST        X
Security tasks (*see below)                                     *SECURITY      X
Service tasks                                                   *SERVICE       X
Spooled file operations                                         *SPLFDTA
System Management tasks                                         *SYSMGT

In release V5R3 of the operating system, a large number of additional
possible values have been added, letting us subset the types of security
auditing performed. For V5R3 and beyond, the "Security tasks" audit
event will be as follows:

Audit Events                                                                      Audit Values   Currently Audited
--------------------------------------------------------------------------------  -------------  -----------------
Security-related configuration is audited                                         *SECCFG        X
Use of directory service functions is audited                                     *SECDIRSRV
Use of interprocess communications is audited                                     *SECIPC
Events associated with Network Authentication Service ticket verification are
  audited                                                                         *SECNAS
Runtime functions associated with changes of an object are audited                *SECRUN        X
Events associated with secure socket descriptors are audited                      *SECSCKD
Events associated with the use of user-profile verification events are audited    *SECVFY
Events associated with use of validation-list object entries are audited          *SECLDL
Basic network events are audited                                                  *NETBAS
Events associated with cluster or cluster resource group operations are audited   *NETCLU
Events associated with network failures are audited                               *NETFAIL
Tasks associated with sockets are audited                                         *NETSCK

Hope it helps...

Dave

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of IGS Ang
Sent: Friday, August 04, 2006 1:19 AM
To: Midrange Systems Technical Discussion
Subject: Re: Disk 99% full, what to do?

Hello All,

I've just come back from the client's place and found the audit journal
receiver is taking a large portion of it. I've cleared it and managed to
clear about 100GB and now the DASD utilization is down to 65%.

Is it normal for the audit journal to take up so much space? I went in to
check and found out that all the options are turned on. But the strange
thing is why it started to grow tremendously over the past few days.

My client will keep a close watch on the receiver and considers the case
closed. Thanks for everybody's help! =)

Regards,
Daniel




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
