Action auditing
For an individual user, you can specify which security-relevant actions should be recorded in the audit journal. The actions specified for an individual user apply in addition to the actions specified for all users by the QAUDLVL and QAUDLVL2 system values.
- Add User prompt:
- Not shown
- CL parameter:
- AUDLVL
- Length:
- 640
Action auditing for a user profile cannot be specified on any user profile displays. It is defined using the CHGUSRAUD command. Only a user with *AUDIT special authority can use the CHGUSRAUD command.
Note: Consider
using the CHGUSRAUD command to set action auditing on your security
officer and other highly privileged users. Auditing the actions of
the security officers and other privileged users is recommended as
these users will be authorized to perform many or all system functions.
They also have access to highly sensitive data objects on the server.
*NONE | The QAUDLVL system value controls action auditing for this user. No additional auditing is done. |
*NOTAVL | This value is displayed to indicate that the parameter value is not available to the user because the user does not have either *AUDIT or *ALLOBJ special authority. The parameter value cannot be set to this value. |
*AUTFAIL | Authorization failures are audited. |
*CMD | Command strings are logged. *CMD can be specified only for individual users. Command string auditing is not available as a system-wide option using the QAUDLVL system value. |
*CREATE | Object create operations are logged. |
*DELETE | Object delete operations are logged. |
*JOBBAS | Job base functions are audited. |
*JOBCHGUSR | Changes to a thread's active user profile or its group profiles are audited. |
*JOBDTA1 | Job changes are logged. |
*OBJMGT | Object move and rename operations are logged. |
*OFCSRV | Changes to the system distribution directory and office mail actions are logged. |
*NETBAS | Network base functions are audited. |
*NETCLU | Cluster or cluster resource group operations are audited. |
*NETCMN 3 | Networking and communications functions are audited. |
*NETFAIL | Network failures are audited. |
*NETSCK | Sockets tasks are audited. |
*NETSECURE | Secure network connections are audited. |
*NETUDP | User Datagram Protocol (UDP) traffic is audited. |
*OPTICAL | All optical functions are audited. |
*PGMADP | Obtaining authority to an object through a program that adopts authority is logged. |
*PGMFAIL | Program failures are audited. |
*PRTDTA | Printing functions with parameter SPOOL(*NO) are audited. |
*SAVRST | Save and restore operations are logged. |
*SECCFG | Security configuration is audited. |
*SECDIRSRV | Changes or updates when doing directory service functions are audited. |
*SECIPC | Changes to interprocess communications are audited. |
*SECNAS | Network authentication service actions are audited. |
*SECRUN | Security run time functions are audited. |
*SECSCKD | Socket descriptors are audited. |
*SECURITY2 | Security-related functions are logged. |
*SECVFY | Use of verification functions are audited. |
*SECVLDL | Changes to validation list objects are audited. |
*SERVICE | Using service tools is logged. |
*SPLFDTA | Actions performed on spooled files are logged. |
*SYSMGT | Use of systems management functions is logged. |
|