×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Timothy -
Delete the file and turn on security audit journaling.
The next time it happens you will be able to determine for certain which
user id created the file.
The instructions (at least for V5R4) are in the link I posted earlier (and
again here).
https://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frzamv%2Frzamvsetsecaudit.htm
- sjl
Timothy wrote:
Thank you to all who have responded.
I appreciate any and all thoughts on this.
QAUDJRN definitely doesn't exist on our system so while that could help in
the future, it's no help with this situation. I have full authority of
the
system (*SECOFR, *ALLOBJ, *JOBCTL, *SECADM, etc.), and even if I didn't,
there are ways... (but don't quote me on that :-) ).
I checked QSYSOPR msg queue and there were no msgs anywhere near the
creation timestamp.
The only thing that I can find that's even a remote possibility is a
name-brand utility on our system that was running its Update process when
the file creation occurred. It runs an X-Ref refresh of the libraries
that
have been setup to be monitored. It refreshes the cross reference
libraries
with any changed source/object information in the designated libraries. I
would prefer not to mention the name of the product.
As an Amazon Associate we earn from qualifying purchases.