Auditing Level Extension (QAUDLVL2)

The Auditing Level Extension (QAUDLVL2) system value is required when more than sixteen auditing values are needed.

Specifying *AUDLVL2 as one of the values in the QAUDLVL system value will cause the system to also look for auditing values in the QAUDLVL2 system value. You can specify more than one value for the QAUDLVL2 system value, unless you specify *NONE. For the QAUDLVL2 system value to take effect, the QAUDCTL system value must include *AUDLVL and the QAUDLVL system value must include *AUDLVL2.

Note: This system value is a restricted value. See Security system values for details on how to restrict changes to security system values and a complete list of the restricted system values.
Table 1. Possible values for the QAUDLVL2 system value
*NONE No auditing values are contained in this system value.
*NOTAVL This value is displayed to indicate that the system value is not available to the user because the user does not have either *AUDIT or *ALLOBJ special authority. The system value cannot be set to this value.
*ATNEVT Attention events are logged.
*AUTFAIL Authority failure events are logged.
*CREATE Object create operations are logged.
*DELETE Object delete operations are logged.
*JOBBAS Job base functions are audited.
*JOBCHGUSR Changes to a thread's active user profile or its group profiles are audited.
*JOBDTA Actions that affect a job are logged.

*JOBDTA is composed of two values, which are *JOBBAS and *JOBCHGUSR, to enable you to better customize your auditing. If both of the values are specified, you will get the same auditing as if just *JOBDTA is speicified.

*NETBAS Network base functions are audited.
*NETCLU Cluster and cluster resource group operations are audited.
*NETCMN Network and communication functions are audited.

*NETCMN is composed of several values to allow you to better customize your auditing. The following values make up *NETCMN:

*NETBAS
*NETCLU
*NETFAIL
*NETSCK

*NETFAIL Network failures are audited.
*NETSCK Socket tasks are audited.
*OBJMGT Object move and rename operations are logged.
*OFCSRV Changes to the system distribution directory and office mail actions are logged.
*OPTICAL Use of Optical Volumes is logged.
*PGMADP Obtaining authority from a program that adopts authority is logged.
*PGMFAIL System integrity violations are logged.
*PRTDTA Printing a spooled file, sending output directly to a printer, and sending output to a remote printer are logged.
Start of change*PTFOBJEnd of change Start of changeChanges to PTF objects are logged.End of change
Start of change*PTFOPREnd of change Start of changePTF operations are logged.End of change
*SAVRST Restore operations are logged.
*SECCFG Security configuration is audited.
*SECDIRSRV Changes or updates when doing directory service functions are audited.
*SECIPC Changes to interprocess communications are audited.
*SECNAS Network authentication service actions are audited.
*SECRUN Security run time functions are audited.
*SECSCKD Socket descriptors are audited.
*SECURITY Security-related functions are logged.

*SECURITY is composed of several values to allow you to better customize your auditing. The following values make up *SECURITY:

*SECCFG
*SECDIRSRV
*SECIPC
*SECNAS
*SECRUN
*SECSCKD
*SECVFY
*SECVLDL

*SECVFY Use of verification functions are audited.
*SECVLDL Changes to validation list objects are audited.
*SERVICE Using service tools is logged.
*SPLFDTA Actions performed on spooled files are logged.
*SYSMGT Use of systems management functions is logged.