AD (Auditing Change) journal entries

This table provides the format of the AD (Auditing Change) journal entries.

Information from this audit journal entry can be queried with the SYSTOOLS.AUDIT_JOURNAL_AD table function: AUDIT_JOURNAL_AD

Table 1. AD (Auditing Change) journal entries. QASYADJE/J4/J5 Field Description File
Offset Field Format Description
JE J4 J5
1 1 1     Heading fields common to all entry types. See Standard heading fields for audit journal entries QJORDJE5 Record Format (*TYPE5),Standard heading fields for audit journal entries QJORDJE4 Record Format (*TYPE4), and Standard heading fields for audit journal entries QJORDJE2 Record Format (*TYPE2) for field listing.
156 224 610 Entry Type Char(1)
D
CHGDLOAUD command
O
CHGOBJAUD or CHGAUD command
S
The scan attribute was changed using CHGATR command or the Qp0lSetAttr API, or when the object was created.
U
CHGUSRAUD command
157 225 611 Object Name Char(10) Name of the object for which auditing was changed.
167 235 621 Library Name Char(10) Name of the library for the object.
177 245 631 Object Type Char(8) The type of object.
185 253 639 Object Audit Value Char(10) If the entry type is D, O, or U, the field contains the current object audit value. If the entry type is S, the field contains the scan attribute value.
          Current audit values:
195 263 649 CHGUSRAUD *CMD Char(1) Y = Audit commands for this user.
196 264 650 CHGUSRAUD *CREATE Char(1) Y = Write an audit record when this user creates an object.
197 265 651 CHGUSRAUD *DELETE Char(1) Y = Write an audit record when this user deletes an object.
198 266 652 CHGUSRAUD *JOBDTA Char(1) Y = Write an audit record when this user changes a job.
199 267 653 CHGUSRAUD *OBJMGT Char(1) Y = Write an audit record when this user moves or renames an object.
200 268 654 CHGUSRAUD *OFCSRV Char(1) Y = Write an audit record when this user performs office functions.
201 269 655 CHGUSRAUD *PGMADP Char(1) Y = Write an audit record when this user obtains authority through adopted authority.
202 270 656 CHGUSRAUD *SAVRST Char(1) Y = Write an audit record when this user saves or restores objects.
203 271 657 CHGUSRAUD *SECURITY Char(1) Y = Write an audit record when this user performs security-relevant actions.
204 272 658 CHGUSRAUD *SERVICE Char(1) Y = Write an audit record when this user performs service functions.
205 273 659 CHGUSRAUD *SPLFDTA Char(1) Y = Write an audit record when this user manipulates spooled files.
206 274 660 CHGUSRAUD *SYSMGT Char(1) Y = Write an audit record when this user makes systems management changes.
207 275 661 CHGUSRAUD *OPTICAL Char (1) Y = Write an audit record when this user accesses optical devices.
  662 CHGUSRAUD *AUTFAIL Char(1) Y = Write an audit record when this user has an authorization failure.
    663 CHGUSRAUD *JOBBAS Char(1) Y = Write an audit record when this user performs a job base function.
    664 CHGUSRAUD *JOBCHGUSR Char(1) Y = Write an audit record when this user changes a thread's active user profile or its group file.
    665 CHGUSRAUD *NETBAS Char(1) Y = Write an audit record when this user performs network base functions.
    666 CHGUSRAUD *NETCLU Char(1) Y = Write an audit record when this user performs cluster or cluster resource group functions.
    667 CHGUSRAUD *NETCMN Char(1) Y = Write an audit record when this user performs network communications functions.
    668 CHGUSRAUD *NETFAIL Char(1) Y = Write an audit record when this user has a network failure.
    669 CHGUSRAUD *NETSCK Char(1) Y = Write an audit record when this user performs sockets tasks.
    670 CHGUSRAUD *PGMFAIL Char(1) Y = Write an audit record when this user has a program failure.
    671 CHGUSRAUD *PRTDTA Char(1) Y = Write an audit record when this user performs a print function with parameter SPOOL(*NO).
    672 CHGUSRAUD *SECCFG Char(1) Y = Write an audit record when this user performs security configuration.
    673 CHGUSRAUD *SECDIRSRV Char(1) Y = Write an audit record when this user makes changes or updates using directory service functions.
    674 CHGUSRAUD *SECIPC Char(1) Y = Write an audit record when this user makes changes to interprocess communications.
    675 CHGUSRAUD *SECNAS Char(1) Y = Write an audit record when this user performs network authentication service actions.
    676 CHGUSRAUD *SECRUN Char(1) Y = Write an audit record when this user performs security run time functions.
    677 CHGUSRAUD *SECSCKD Char(1) Y = Write an audit record when this user performs socket descriptor functions.
    678 CHGUSRAUD *SECVFY Char(1) Y = Write an audit record when this user uses verification functions.
    679 CHGUSRAUD *SECVLDL Char(1) Y = Write an audit record when this user manipulates validation lists.
    680 CHGUSRAUD *NETSECURE Char(1) Y = Write an audit record when this user establishes a secure connection.
208 276   (Reserved Area) Char(19)  
227 295 681 DLO Name Char(12) Name of the DLO object for which auditing was changed.
239 307 693 (Reserved Area) Char(8)  
247 315 701 Folder Path Char(63) Path of the folder.
310     (Reserved Area) Char(20)  
  378 764 (Reserved Area) Char(18)  
  396 782 Object Name Length 1 Binary(4) The length of the object name.
330 398 784 Object Name CCSID1 Binary(5) The coded character set identifier for the object name.
334 402 788 Object Name Country or Region ID1 Char(2) The Country or Region ID for the object name.
336 404 790 Object Name Language ID1 Char(3) The language ID for the object name.
339 407 793 (Reserved area) Char(3)  
342 410 796 Parent File ID1,2 Char(16) The file ID of the parent directory.
358 426 812 Object File ID1,2 Char(16) The file ID of the object.
374 442 828 Object Name1 Char(512) The name of the object.
  954 1340 Object File ID1 Char(16) The file ID of the object.
  970 1356 ASP Name5 Char(10) The name of the ASP device.
  980 1366 ASP Number5 Char(5) The number of the ASP device.
  985 1371 Path Name CCSID1 Binary(5) The coded character set identifier for the path name.
  989 1375 Path Name Country or Region ID1 Char(2)

The Country or Region ID for the path name.
  991 1377 Path Name Language ID1 Char(3)

The language ID for the path name.
  994 1380 Path Name Length1 Binary(4)

The length of the path name.
  996 1382 Path Name Indicator1 Char(1) Path name indicator:
Y
The Path Name field contains complete absolute path name for the object.
N
The Path Name field does not contain an absolute path name for the object, instead it contains a relative path name. The Relative Directory File ID field is valid and can be used to form an absolute path name with this relative path name.
  997 1383 Relative Directory File ID1, 3 Char(16) When the Path Name Indicator field is N, this field contains the file ID of the directory that contains the object identified in the Path Name field. Otherwise it contains hex zeros.3
  1013 1399 Path Name1, 4 Char(5002) The path name of the object.
    6401 Previous Object Audit Value Char(10) If the entry type is D, O, or U, the field contains the previous audit value.
          Previous audit values:
    6411 CHGUSRAUD *CMD Char(1) Y = Audit commands for this user.
    6412 CHGUSRAUD *CREATE Char(1) Y = Write an audit record when this user creates an object.
    6413 CHGUSRAUD *DELETE Char(1) Y = Write an audit record when this user deletes an object.
    6414 CHGUSRAUD *JOBDTA Char(1) Y = Write an audit record when this user changes a job.
    6415 CHGUSRAUD *OBJMGT Char(1) Y = Write an audit record when this user moves or renames an object.
    6416 CHGUSRAUD *OFCSRV Char(1) Y = Write an audit record when this user performs office functions.
    6417 CHGUSRAUD *PGMADP Char(1) Y = Write an audit record when this user obtains authority through adopted authority.
    6418 CHGUSRAUD *SAVRST Char(1) Y = Write an audit record when this user saves or restores objects.
    6419 CHGUSRAUD *SECURITY Char(1) Y = Write an audit record when this user performs security-relevant actions.
    6420 CHGUSRAUD *SERVICE Char(1) Y = Write an audit record when this user performs service functions.
    6421 CHGUSRAUD *SPLFDTA Char(1) Y = Write an audit record when this user manipulates spooled files.
    6422 CHGUSRAUD *SYSMGT Char(1) Y = Write an audit record when this user makes system management changes.
    6423 CHGUSRAUD *OPTICAL Char(1) Y = Write an audit record when this user accesses optical devices.
    6424 CHGUSRAUD *AUTFAIL Char(1) Y = Write an audit record when this user has an authorization failure.
    6425 CHGUSRAUD *JOBBAS Char(1) Y = Write an audit record when this user performs a job base function.
    6426 CHGUSRAUD *JOBCHGUSR Char(1) Y = Write an audit record when this user changes a thread's active user profile.
    6427 CHGUSRAUD *NETBAS Char(1) Y = Write an audit record when this user performs network base functions.
    6428 CHGUSRAUD *NETCLU Char(1) Y = Write an audit record when this user performs cluster or cluster resource group functions.
    6429 CHGUSRAUD *NETCMN Char(1) Y = Write an audit record when this user performs network communications functions.
    6430 CHGUSRAUD *NETFAIL Char(1) Y = Write an audit record when this user has a network failure.
    6431 CHGUSRAUD *NETSCK Char(1) Y = Write an audit record when this user performs sockets tasks.
    6432 CHGUSRAUD *PGMFAIL Char(1) Y = Write an audit record when this user has a program failure.
    6433 CHGUSRAUD *PRTDTA Char(1) Y = Write an audit record when this user performs a print function with parameter SPOOL(*NO)
    6434 CHGUSRAUD *SECCFG Char(1) Y = Write an audit record when this user performs security configuration.
    6435 CHGUSRAUD *SECDIRSRV Char(1) Y = Write an audit record when this user makes changes or updates using directory service functions.
    6436 CHGUSRAUD *SECIPC Char(1) Y = Write an audit record when this user makes changes to interprocess communications.
    6437 CHGUSRAUD *SECNAS Char(1) Y = Write an audit record when this user performs network authentication service actions.
    6438 CHGUSRAUD *SECRUN Char(1) Y = Write an audit record when this user performs security run time functions.
    6439 CHGUSRAUD *SECSCKD Char(1) Y = Write an audit record when this user performs socket descriptor functions.
    6440 CHGUSRAUD *SECVFY Char(1) Y = Write an audit record when this user uses verification functions.
    6441 CHGUSRAUD *SECVLDL Char(1) Y = Write an audit record when this user manipulates validation lists.
    6442 CHGUSRAUD *NETSECURE Char(1) Y = Write an audit record when this user establishes a secure connection.
    6443 CHGUSRAUD *NETUDP Char(1) Y = Write an audit record for UDP inbound and outbound traffic for this user.
    Start of change6444End of change Start of changeCHGUSRAUD *AUTWARNEnd of change Start of changeChar(1)End of change Start of changeY = Write an audit record for authority warnings for this user.End of change
          End of previous audit values
    Start of change6445End of change Reserved Start of changeChar(9)End of change Not used
    6454 CHGUSRAUD *NETUDP Char(1) Current audit value. Y = Write an audit record for UDP inbound and outbound traffic for this user.
    Start of change6455End of change Start of changeCHGUSRAUD *AUTWARNEnd of change Start of changeChar(1)End of change Start of changeCurrent audit value. Y = Write an audit record for authority warnings for this user.End of change
1
These fields are used only for objects in the "root" (/), QOpenSys, and user-defined file systems.
2
An ID that has the left-most bit set and the rest of the bits zero indicates that the ID is NOT set.
3
If the Path Name Indicator field is N, but the Relative Directory File ID is hex zeros, then there was some error in determining the path name information.
4
This is a variable length field. The first two bytes contain the length of the path name.
5
If the object is in a library, this is the ASP information of the object's library. If the object is not in a library, this is the ASP information of the object.