|
midrange.com
If it's snowballing that quickly... you're in trouble Pat! ;)
Thanks again...
Patrick Botz
<botz@xxxxxxxxxx>
Sent by: To
midrange-l-bounce Midrange Systems Technical
s@xxxxxxxxxxxx Discussion
<midrange-l@xxxxxxxxxxxx>
cc
09/27/2006 12:59
PM Subject
RE: Audit Journal Entry -- More
Useful Info and a Correction to
Please respond to Previous Post
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
Chad,
The best way to find what auditing values are causing a particular entry is
in the Security Reference manual in the info center. Expend Security and
this manual can be selected. You can download the PDF or view it on line.
On line viewing is pretty fast.
Chapter 9 has the information you want. Just select that chapter from the
bookmarks after you display it and scroll down. There are several tables.
Because GR records can be cut due to several different Action and Object
auditing settings, there is more than one of these values that may cause an
entry (depending on the TYPE field in the GR record). Just look for "GR"
in the second column of the table that starts on page 241 (the V5R4 version
of the manual) and spans several pages. You'll find GR several times.
I don't remember what I saw on the detailed entry that was posted to the
forum, but I suspect that the entry was cut because someone tried to add,
remove, or change the exit point program associated with the FTP exit point
named in the GR record. This could be caused by at least one of the
security related action auditing values or by turning object auditing on
for the
"QUSRSYS/QUSEXRGOBJ *EXITRG object " The info in the table should give you
an idea of what to look for.
Correction-----
Upon further review, the "aside" in my previous post has been overturned!
After investigating more details on Chad's question, I realized that the GR
entries are NOT the ones we created for handling the development process
problems (blush). Entries starting with "X" were created for this reason.
So you were all witnesses to the second mistake I have ever made. It looks
like it may be snowballing on me :-)
Patrick Botz
Senior Technical Staff Member
IBM Lab Services, Rochester
Security Architecture & Consulting, i5/OS Security Architect
(507) 253-0917, T/L 553-0917
CTC Fax # 507-253-2070
email: botz@xxxxxxxxxx
For more information on CTC, visit our website at
http://www.ibm.com/eserver/services
http://www.ibm.com/servers/eserver/services
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
ForwardSourceID:NT000538A2
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
