The AUDLVL (Auditing level) parameter of the CHGUSRAUD command lets us specify which activities to audit for this user. It also shows those activities audited for all system users as specified in the QAUDLVL and QAUDLVL2 system values.
To help us track a user's CL command usage, the CHGUSRAUD command accepts *CMD as an AUDLVL value. If you specify *CMD as one of the user's AUDLVL values, the system will audit every CL command executed by the user. For commands contained in CL programs that were created with LOG(*NO) and ALWRTVSRC(*NO), the entire command string isn't logged, but at least the command name is still logged. For other commands, the entire command is logged to the QAUDJRN journal.
Here is an easy way to set up command auditing for a powerful or inquisitive user:
CHGUSRAUD USRPRF(user-id) +
AUDLVL(*CMD)
Note: The QAUDCTL system value must contain *AUDLVL and/or *OBJAUD in order to turn on the i5/OS auditing function.
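The setup above as one CL program, with the QAUDCTL prerequisite checked first and the logged commands printed afterwards. This is an added example, not code from the original article. The parameter and variable names are hypothetical, the caller is assumed to hold *AUDIT special authority, and it relies on CD being the audit journal entry type for command strings.

```cl
/* Added example: enable *CMD auditing for one user and print the      */
/* command entries. Names are hypothetical.                            */
PGM        PARM(&USER)
  DCL      VAR(&USER)   TYPE(*CHAR) LEN(10)
  DCL      VAR(&AUDCTL) TYPE(*CHAR) LEN(50)   /* up to five 10-char values */
  DCL      VAR(&POS)    TYPE(*INT)  LEN(4)
  DCL      VAR(&FOUND)  TYPE(*LGL)  VALUE('0')

  /* User-level AUDLVL values are only honoured when QAUDCTL lists     */
  /* *AUDLVL, so check each 10-character slot of the system value.     */
  RTVSYSVAL SYSVAL(QAUDCTL) RTNVAR(&AUDCTL)
  DOFOR    VAR(&POS) FROM(1) TO(41) BY(10)
    IF     COND(%SST(&AUDCTL &POS 10) *EQ '*AUDLVL') +
             THEN(CHGVAR VAR(&FOUND) VALUE('1'))
  ENDDO

  /* Stop with an escape message rather than set an AUDLVL that        */
  /* would silently log nothing.                                       */
  IF       COND(*NOT &FOUND) THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
                MSGDTA('QAUDCTL does not contain *AUDLVL') +
                MSGTYPE(*ESCAPE)
  ENDDO

  /* Note: AUDLVL(*CMD) replaces any AUDLVL values already set for     */
  /* the user; list the existing ones too if they must be kept.        */
  CHGUSRAUD USRPRF(&USER) AUDLVL(*CMD)

  /* Print the command-string (CD) entries recorded for this user      */
  /* from the current receiver chain of the audit journal.             */
  DSPJRN   JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) +
             ENTTYP(CD) USRPRF(&USER) OUTPUT(*PRINT)
ENDPGM
```

Run right after the change, the DSPJRN step may find no CD entries; the report is most useful once the user has run some commands.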
Hi Jim,
Unfortunately, most iSeries Navigator functions use the Distributed Program Call (DSTPGMCALL) facility to accomplish the work. These run through the i5/OS Remote Command Server. But even if you monitor the Remote Command Server through Network Exit point programs, the iSeries Navigator transactions are really cryptic.
The good news is that the iSeries Access RMTCMD.exe DOES get logged when logging CL commands for a user. A command run through FTP RCMD is also logged.
So... Jim, good news and bad news for you. Thank you for your question.
Dan