SCNAUDLOG Scan Audit Log

SCNAUDLOG SCAN AUDIT LOG TAASEHJ
The Scan Audit Log command provides a different method of displaying or listing audit entries from the Audit Log data base file provided by the AUDLOG tool. In addition to standard selection fields such as date, time, user profile, etc, SCNAUDLOG allows a search on the entry data field. This can be particularly helpful for the 'T' Journal code (audit entries) where most of the data is in the entry data field. You must be using the AUDLOG tool which provides conversion from the QAUDJRN journal entries to the AUDLOG data base files. You must have *USE authority to the AUDLOGP file. A typical SCNAUDLOG command would be: SCNAUDLOG SEARCH(PAYROLL) If you had been auditing the PAYROLL file for *CHANGE action (see the later discussion), you would see all of the current entries for changes to the PAYROLL file. A display would appear that is similar to that used by DSPAUDLOG for the audit entries containing the value 'PAYROLL' in the entry data. A listing may be optionally output. Note that though the AUDLOGP file has a field for object name (AUOBJ), most of the audit entries do not fill this field. Instead, the name of the object is within in the entry data field. Auditing entries ---------------- Auditing journal entries are optional and occur if you have specified auditing system values and the CHGOBJAUD or CHGUSRAUD commands. For an overview of auditing on the system, see the TAA documentation member AUDITING. SCNAUDLOG escape messages you can monitor for --------------------------------------------- None. Escape messages from based on functions will be re-sent. SCNAUDLOG Command parameters *CMD ---------------------------- SEARCH The value to be searched for in the entry data field of the converted journal entry. *ALL is the default to request any entries that match the other selection criteria. The field that is scanned is the AUDATA field in AUDLOGP. AUDLOGP must be created by the CRTAUDLOG command of the AUDLOG tool. This field is a fixed length field in AUDLOGP. You can vary the length of AUDATA for all records by use of the ENTDTALEN parameter on CRTAUDLOG. If the field length is shorter than the entry data of the journal entry, truncation will occur and any excess data will not be scanned for. AUDLOGLIB The library where the AUDLOGP file exists. *LIBL is the default. A specific name or *CURLIB may be entered. The AUDLOGP file must be created by the AUDLOG tool (CRTAUDLOG command) and entries must be converted to the AUDLOGP file using one of the CVTAUDLOG commands. PERIOD The Begin/End Date/Time values to select on. The 'Beginning time' value defaults to *AVAIL meaning the Begin Time value is not considered. If a time is entered, it is used in conjunction with the 'Beginning Date' to determine selection. The 'Beginning Date' value defaults to *CURRENT meaning the current date. *BEGIN may be entered to mean the first record in the AUDLOGP file. If a date is entered, it must be in job format and is used in conjunction with the 'Beginning Time' to determine selection. The 'Ending time' value defaults to *AVAIL meaning the End Time value is not considered. If a time is entered, it is used in conjunction with the 'Ending Date' to determine selection. The 'Ending Date' value defaults to *END meaning the End Date value is not considered. If a date is entered it must be in job format, and is used in conjunction with the 'Ending Time' to determine selection. JOB The job name to be selected. *ALL is the default meaning all jobs. USER The user profile to be selected. *ALL is the default meaning all user profiles. The user is the one who caused the entry and may not be the user of the job. If a user profile swap occurs, the user name will differ from the user name of the qualified job name. JRNCDE A 3 part parameter to select the journal code, type, and subtype. *ALL is the default for journal code meaning all journal codes. This will include some general journal codes such as 'J' meaning the entry relates to the journal. The journal code for audit entries is 'T'. *ALL is the default for journal entry types meaning all journal entry types such as 'AF' for audit failure. A specific entry type may be named. *ALL is the default for journal entry sub type meaning all sub types. A specific sub type type may be named. Only the journal entries of JOCODE = T, provide a sub type. If a sub type is entered, the journal code and journal type may not be *ALL. PGM The program that caused the entry. The default is *ALL meaning all programs are considered. In some entries the program name may be blank. If a command is entered from a command entry display, the program may appear as QCMD or the program name of a higher program in the stack. SYSTEM The system name on which the entry occurred. The default is *CURRENT meaning the current system. The AUDLOG tool allows the entries from multiple systems to be placed in a single AUDLOGP file. OUTPUT How to output the results. * is the default to display the entries if the command is entered interactively. If the command is entered in batch or *PRINT is specified, a spooled file is output. Restrictions ------------ You must be using the AUDLOG tool. Prerequisites ------------- The following TAA Tools must be on your system: AUDLOG Audit log CRTDUPPF Create duplicate data base file CVTDAT Convert date CVTDSPDTA Convert display data CVTTIM Convert time DSPDBFDTA Display data base file data DSPJRNCDE Display journal code EDTVAR Edit variable FILEFDBCK File feedback HLRMVMSG HLL Remove message RTVDAT Retrieve date RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- SCNAUDLOG *CMD TAASEHJ QATTCMD TAASEHJC *PGM CLP TAASEHJC QATTCL TAASEHJR *PGM RPG TAASEHJR QATTRPG TAASEHJR2 *PGM RPG TAASEHJR2 QATTRPG TAASEHJD *FILE DSPF TAASEHJD QATTDDS


SCNAUDLOG SCAN AUDIT LOG TAASEHJ
The Scan Audit Log command provides a different method of displaying or listing audit entries from the Audit Log data base file provided by the AUDLOG tool. In addition to standard selection fields such as date, time, user profile, etc, SCNAUDLOG allows a search on the entry data field. This can be particularly helpful for the 'T' Journal code (audit entries) where most of the data is in the entry data field. You must be using the AUDLOG tool which provides conversion from the QAUDJRN journal entries to the AUDLOG data base files. You must have USE authority to the AUDLOGP file. A typical SCNAUDLOG command would be: SCNAUDLOG SEARCH(PAYROLL) If you had been auditing the PAYROLL file for CHANGE action (see the later discussion), you would see all of the current entries for changes to the PAYROLL file. A display would appear that is similar to that used by DSPAUDLOG for the audit entries containing the value 'PAYROLL' in the entry data. A listing may be optionally output. Note that though the AUDLOGP file has a field for object name (AUOBJ), most of the audit entries do not fill this field. Instead, the name of the object is within in the entry data field. Auditing entries ---------------- Auditing journal entries are optional and occur if you have specified auditing system values and the CHGOBJAUD or CHGUSRAUD commands. For an overview of auditing on the system, see the TAA documentation member AUDITING. SCNAUDLOG escape messages you can monitor for --------------------------------------------- None. Escape messages from based on functions will be re-sent. SCNAUDLOG Command parameters CMD ---------------------------- SEARCH The value to be searched for in the entry data field of the converted journal entry. ALL is the default to request any entries that match the other selection criteria. The field that is scanned is the AUDATA field in AUDLOGP. AUDLOGP must be created by the CRTAUDLOG command of the AUDLOG tool. This field is a fixed length field in AUDLOGP. You can vary the length of AUDATA for all records by use of the ENTDTALEN parameter on CRTAUDLOG. If the field length is shorter than the entry data of the journal entry, truncation will occur and any excess data will not be scanned for. AUDLOGLIB The library where the AUDLOGP file exists. LIBL is the default. A specific name or CURLIB may be entered. The AUDLOGP file must be created by the AUDLOG tool (CRTAUDLOG command) and entries must be converted to the AUDLOGP file using one of the CVTAUDLOG commands. PERIOD The Begin/End Date/Time values to select on. The 'Beginning time' value defaults to AVAIL meaning the Begin Time value is not considered. If a time is entered, it is used in conjunction with the 'Beginning Date' to determine selection. The 'Beginning Date' value defaults to CURRENT meaning the current date. BEGIN may be entered to mean the first record in the AUDLOGP file. If a date is entered, it must be in job format and is used in conjunction with the 'Beginning Time' to determine selection. The 'Ending time' value defaults to AVAIL meaning the End Time value is not considered. If a time is entered, it is used in conjunction with the 'Ending Date' to determine selection. The 'Ending Date' value defaults to END meaning the End Date value is not considered. If a date is entered it must be in job format, and is used in conjunction with the 'Ending Time' to determine selection. JOB The job name to be selected. ALL is the default meaning all jobs. USER The user profile to be selected. ALL is the default meaning all user profiles. The user is the one who caused the entry and may not be the user of the job. If a user profile swap occurs, the user name will differ from the user name of the qualified job name. JRNCDE A 3 part parameter to select the journal code, type, and subtype. ALL is the default for journal code meaning all journal codes. This will include some general journal codes such as 'J' meaning the entry relates to the journal. The journal code for audit entries is 'T'. ALL is the default for journal entry types meaning all journal entry types such as 'AF' for audit failure. A specific entry type may be named. ALL is the default for journal entry sub type meaning all sub types. A specific sub type type may be named. Only the journal entries of JOCODE = T, provide a sub type. If a sub type is entered, the journal code and journal type may not be ALL. PGM The program that caused the entry. The default is ALL meaning all programs are considered. In some entries the program name may be blank. If a command is entered from a command entry display, the program may appear as QCMD or the program name of a higher program in the stack. SYSTEM The system name on which the entry occurred. The default is CURRENT meaning the current system. The AUDLOG tool allows the entries from multiple systems to be placed in a single AUDLOGP file. OUTPUT How to output the results. is the default to display the entries if the command is entered interactively. If the command is entered in batch or PRINT is specified, a spooled file is output. Restrictions ------------ You must be using the AUDLOG tool. Prerequisites ------------- The following TAA Tools must be on your system: AUDLOG Audit log CRTDUPPF Create duplicate data base file CVTDAT Convert date CVTDSPDTA Convert display data CVTTIM Convert time DSPDBFDTA Display data base file data DSPJRNCDE Display journal code EDTVAR Edit variable FILEFDBCK File feedback HLRMVMSG HLL Remove message RTVDAT Retrieve date RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- SCNAUDLOG CMD TAASEHJ QATTCMD TAASEHJC PGM CLP TAASEHJC QATTCL TAASEHJR PGM RPG TAASEHJR QATTRPG TAASEHJR2 PGM RPG TAASEHJR2 QATTRPG TAASEHJD FILE DSPF TAASEHJD QATTDDS

Added to TAA Productivity Tools March 21, 2008

Home Page

Last modified on October 10, 2008