(Mr. Professor hat: *ON)
I'd stick with "15 times the size of" rather than "fifteen orders of magnitude"... Not the same thing...
An order of magnitude is x10, two orders of magnitude is x100, and so forth. Fifteen is x1000000000000000, or 10^15...
Just getting that off my chest... <vbg>
-Eric
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Monday, August 15, 2011 1:46 PM
To: Midrange Systems Technical Discussion
Subject: Re: Audit of usrprf's
I will say this.
1 - We find the spool auditing helpful. We did find a user who was using
an Infor option to look at an output queue instead of just his spool
files. He was deleting all spool files in the output queue. He was
re-educated.
2 - My boss, progressive as he is, fought auditing because of concerns
about performance and disk storage. He had valid concerns. When we
started using a HA solution and had to audit, people went nuts over the
audit capability. They request more detail, and longer retention than the
HA solution needs. Our journal library is fifteen orders of magnitude
larger than our main ERP data library.
PRTDSKINF *LIB...
                        % of        Size in
Library     Owner       Disk     1000 bytes
#MXJRN      MIMIXOWN   24.68   1566605676.5
QGPL        QSYS        4.61    292850380.8
ERPLXF      SSA         1.57     99703386.1
...
And adding the following significantly helped our system performance. Much
more so than SSD's.
Resource
ID        Option   Feature   Description
5770SS1   42       5117      HA Journal Performance
It isn't free.
But what's a few terabytes here and there?
Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: Steve Martinson <smartinson66@xxxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Date: 08/15/2011 01:32 PM
Subject: Re: Audit of usrprf's
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Frank,
That article I wrote a few years ago where *USRPRF would be the
default/minimum object auditing value allows you to track all accesses for
a user that has had auditing turned on via the CHGUSRAUD command. That is,
if you don't have an HA solution like MIMIX in place. HA tools invariably
require *CHANGE object auditing on objects in order to process/duplicate
object changes to the target box.

Having all of those values set in QAUDLVL is really an audit/security
person's "utopia" in that, if your system can accommodate the QAUDJRN
receiver data volume, it's better to have the log data and not need it
than to need it and not have it. In practice these days, I would not set
*PRTDTA or *SPLFDTA unless you had reason to suspect nefarious activity on
sensitive spool files and even then, only turn it on for a short period of
time, do the analysis, and turn it off.

I think your best bet is to go ahead with the CHGUSRAUD change for the
profiles you need to monitor and then determine which (if any) files on
your system need to be monitored for "read" actions (OBJAUD = *ALL). It is
not likely that you would be able to get away with *ALL object auditing
across the board.
--
Regards,
Steve
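
An added CL sketch of the layering described in the message above (not part of the original post or of any product's shipped code): objects default to *USRPRF, selected profiles are switched on with CHGUSRAUD, and only chosen files get OBJAUD(*ALL). APPLIB, PAYMAST and JDOE are hypothetical names, and the system is assumed to have QAUDCTL already set to include *AUDLVL and *OBJAUD.

```cl
PGM
/* Added example. APPLIB, PAYMAST and JDOE are hypothetical names.      */
/* Assumes QAUDCTL already includes *AUDLVL and *OBJAUD.                */

/* 1. Objects defer to the accessing user's auditing value. With an HA  */
/*    tool in place these objects would need *CHANGE instead.           */
CHGOBJAUD  OBJ(APPLIB/*ALL) OBJTYPE(*FILE) OBJAUD(*USRPRF)

/* 2. Monitored profile: log every access, reads included, but only on  */
/*    objects whose own auditing value is *USRPRF.                      */
CHGUSRAUD  USRPRF(JDOE) OBJAUD(*ALL)

/* 3. One sensitive file: log reads and changes by every user.          */
CHGOBJAUD  OBJ(APPLIB/PAYMAST) OBJTYPE(*FILE) OBJAUD(*ALL)

/* 4. Review: ZR = object read, ZC = object change entries in QAUDJRN.  */
DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) +
             ENTTYP(ZR ZC) USRPRF(JDOE)
ENDPGM
```

Step 3 is the setting that drives QAUDJRN receiver volume, so it is applied to one file rather than to APPLIB/*ALL.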
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.