Hi Darryl,

The following query will show you the # of Audit Entry types by date and
user.
It only lists entry types 'AF PW CA CO CD' between 1/21/2023 and 1/23/2023.

SELECT
Date(ENTRY_TIMESTAMP) as ENTRY_DATE,
CURRENT_USER as CURRENT_USER,
JOURNAL_ENTRY_TYPE as JOURNAL_ENTRY_TYPE,
COUNT(*)
FROM TABLE (
QSYS2.Display_Journal(
'QSYS', 'QAUDJRN',
STARTING_RECEIVER_NAME => '*CURCHAIN',
STARTING_TIMESTAMP => '2023-01-21-00.00.00.000000',

ENDING_TIMESTAMP => '2023-01-23-23.59.59.999999',

JOURNAL_CODES => 'T',
JOURNAL_ENTRY_TYPES => 'AF PW CA CO CD'
) ) AS X
GROUP BY Date(ENTRY_TIMESTAMP),
CURRENT_USER,
JOURNAL_ENTRY_TYPE
ORDER BY Date(ENTRY_TIMESTAMP),
CURRENT_USER,
JOURNAL_ENTRY_TYPE

You can get the detail of these entries by using some IBM I Services that
exist for different entries.

Example table function AUDIT_JOURNAL_AF returns data for Authority Failures.

https://www.ibm.com/docs/en/i/7.5?topic=services-audit-journal-af-table-func
tion

You can also use the CPYAUDJRNE command that creates an output file for each
Audit Code you list if you prefer.

If you're trying to see what Programmers or Admins are doing, the best entry
to look at is CD (Command String) that logs all of the commands they run.
Note this does require *CMD auditing be assigned to the profile using the
CHGUSRAUD command.

Rob

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
stefan@xxxxxxxxxx
Sent: Tuesday, January 24, 2023 9:11 AM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Programs or similar to display the system audit log

Hi Darryl,

Can someone guide me where to find some code to analyse the system audit
log?

Assuming you have the proper auditing set up, a good starting point would be
starting with IBM Navigator for i, Audit Journal Entries.
Here you will have some good options to investigate.


Best regards

Stefan

--
No trees were killed in the sending of this message, but a large number of
electrons were terribly upset.

Stefan Tageson
+46 732 369934
stefan@xxxxxxxxxx


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2023 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.