Re: Researching Audit journal subtype

It may help to start at "Table 152. Standard Heading Fields for Audit Journal Entries" in the Security Reference, and page down to "Entry Types" which are in "Table 153". When the entry type is found, search the PDF for the type in the manner consistent with the headings in the following table(s). For example, when searching the tables after knowing it is a PW entry which is of interest, that is best accomplished by searching the PDF for "PW (" to get directly to the "Table 194" describing the layout of the additional data in the PW entry; that is because the headings are "Table ###. %% (description) Journal Entries".

The /audit/ journal entries use the /Code/ of T; the T designates the class of logging is /Auditing/ related. Contrast that with the J Code which indicates the class of logging is /Journaling/ related; activity specifically involving Journal or Journal Receiver. There are a number of different journal /Type/ values for any T Code.

The information on page 515 was information for T-AF where the AF is for the QAUDLVL *AUTFAIL auditing option. When a *AUTFAIL condition is logged, it *may* be a T-AF entry designating an audited condition associated with an /authority failure/ of some variety. However, the T-PW are an _additional_ class of conditions activated by the *AUTFAIL. These /authority failure/ conditions have their own distinct Type, and that is PW, to denote the authority failure is related specifically to Password handling; the "Table 153" suggests "Invalid password" as its general meaning.

Note: The "Table 126. Security Auditing Journal Entries" shows where the PW is associated with the *AUTFAIL, the Model outfile, and a short description of the subtype\detail for 'R'.

Regards, Chuck