Using the security audit journal

The security audit journal is the primary source of auditing information about the system. This section describes how to plan, set up, and manage security auditing, what information is recorded, and how to view that information.

A security auditor inside or outside your organization can use the auditing function that is provided by the system to gather information about security-related events that occur on the system.

You can define auditing on your system at three different levels:
  • System-wide auditing that occurs for all users.
  • Auditing that occurs for specific objects.
  • Auditing that occurs for specific users.

You use system values, user profile parameters, and object parameters to define auditing. Planning security auditing describes how to do this.

When a security-related event that might be audited occurs, the system checks whether you have selected that event for audit. If you have, the system writes a journal entry in the current receiver for the security auditing journal (QAUDJRN in library QSYS).

When you want to analyze the audit information you have collected in the QAUDJRN journal, you can use the Display Journal (DSPJRN) command. With this command, information from the QAUDJRN journal can be written to a database file. You can use an application program or a query tool to analyze the data.