Editing the IBM i Audit file list
You can edit the IBM i Audit file list.
- From the Security page, click the ellipse to the right of the endpoint for which you want to edit the IBM i Audit file list.
- Click Edit IBM i Audit File List.
- Enable the Edit IBM i security auditing control to enable auditing. Disable this control to disable auditing.
-
The Edit IBM i Audit File List page lists the
directories and files that belong to the endpoint.
A check mark on the directory folder icon indicates that one or more files in this directory are monitored.
- Double-click the directory to list the files. All the files in the directory are listed.
-
The following options are available from the menus:
- OBJAUD
-
Specifies the object auditing value to associate with the object.
Possible values:
- *NONE. Using or changing this object does not cause an audit entry to be sent to the security journal.
- *USRPRF. The user profile of the user accessing this object is used to determine if an audit record is be sent for this access.
- *CHANGE. All change accesses to this object by all users are logged.
- *ALL. All change or read accesses to this object by all users are logged.
- SUBTREE
-
Specifies whether or not to change the specified attribute of the objects within the subtree if the object is a directory.
Possible values:
- *NONE. The objects have the attribute changed. If the object is a directory, it has the attribute changed, but its contents do not have the attribute changed.
- *ALL. The objects have the attribute changed. If the object is a directory, its contents as well as the contents of all of its subdirectories have the attribute changed.
- CRTOBJAUD
-
Specifies the auditing value of objects created in this directory. A library must be monitored in order to track CRTOBJAUD. CRTOBJAUD affects the auditing value of new objects only, it does not change the auditing value of objects that already exist in the library.
Possible values:
- SYSVAL. The object auditing value for the objects created in the directory is determined by the Create object auditing (QCRTOBJAUD) system value.
- *NONE. Using or changing this object does not cause an audit entry to be sent to the security journal.
- *USRPRF. The user profile of the user accessing this object is used to determine if an audit record is sent for this access. The OBJAUD parameter of the Change User Auditing (CHGUSRAUD) command is used to change the auditing for a specific user.
- *CHANGE. All change accesses to this object by all users are logged.
- *ALL. All change or read accesses to this object by all users are logged.
- Click Save to save your changes.