Well Folks, thanks and as usual you've made even me realize my options.
Many of our usrprf's have auditing value of *ALL and *CHANGE so I'll have to change them b4 we can remove the LD/ZC/ZR.
Frank
-----Original Message-----
From: CRPence <CRPbottle@xxxxxxxxx>
To: midrange-l <midrange-l@xxxxxxxxxxxx>
Sent: Fri, Dec 6, 2013 4:47 pm
Subject: Re: QAUJRN - which audlvl creates entry types LD/ZC/ZR?
On 06-Dec-2013 13:04 -0800, Graap, Kenneth wrote:
Auditing actions (ZC ZR audit entries for example) is a function of
QAUDLVL and the AUDLVL setting on the User Profile... <<SNIP>>
The ZC and ZR are "object auditing" vs "action auditing". The Audit
evel controls action auditing; there are seemingly object-specific
racking there however, most notably the three special values:
*CREATE *DELETE *OBJMGT
<
http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarlaudobj.htm>
_Planning the auditing of object access_
The i5/OS operating system provides the ability to log accesses to an
bject in the security audit journal by using system values and the
bject auditing values for users and objects. This is called object
uditing.
The QAUDCTL system value, the OBJAUD value for an object, and the OBJAUD
alue for a user profile work together to control object auditing. The
BJAUD value for the object and the OBJAUD value for the user who is
sing the object determine whether a specific access should be logged.
he QAUDCTL system value starts and stops the object auditing function.
..."
<
http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarlaudlvl.htm>
_Planning the auditing of actions_
The QAUDCTL (audit control) system value, the QAUDLVL (audit level)
ystem value, the QAUDLVL2 (audit level extension) system value, and the
UDLVL (action auditing) parameter in user profiles work together to
ontrol action auditing.
..."
midrange.com
