Chuck, here at Centerfield we were toying with the idea of adding that feature to one of our products. I don't recall how high in the development priority list it got though. I could get you in touch with some people here and perhaps you can escalate it enough so it gets done. Let me know if you're interested. Elvis -----Original Message----- Subject: [Security400] SQL and IT Controls Group: We are attempting to wrestle with a final Sarbanes Oxley issue relating to SQL, specifically using STRSQL via the command line. While STRSQL is restricted to those who have a business need to use it, our problem relates to the potential for data manipulation and changes that are not logged. Our development staff can use it (but not update production data) but our security officers can of course use it, AND update production data. It is NOT practical for us to journal all of our production data libraries. While I do have STRSQL command usage logged via the OS/400 audit journal, (we know who uses it and when) it does not provide the log of activity within the STRSQL session. Are there any tools on the market that can log the activity within the STRSQL session? Any feedback you can provide would be GREATLY appreciated! Chuck Bower VP of IS Coachmen Technology Services, Inc.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.