Security auditing journal entries
This topic provides information about the journal entries that are written for the action auditing values specified on the QAUDLVL and QAUDLVL2 system values and in the user profile.
It shows:
- The type of entry written to the QAUDJRN journal.
- The model database output file that can be used to define the record when you create an output file with the DSPJRN command. Complete layouts for the model database outfiles are found in Layout of audit journal entries.
- The detailed entry type. Some journal entry types are used to log more than one type of event. The detailed entry type field in the journal entry identifies the type of event.
- The ID of the message that can be used to define the entry-specific information in the journal entry.
Action or object auditing value | Journal entry type | Model database outfile | Detailed entry | Description |
---|---|---|---|---|
Action Auditing: | ||||
*ATNEVT | IM | QASYIMJ5 | P | A potential intrusion has been detected. Further evaluation is required to determine if this is an actual intrusion or an expected and permitted action. |
*AUTFAIL | AF | QASYAFJE/J4/J5 | A | An attempt was made to access an object or perform an operation to which the user was not authorized. |
B | Restricted instruction | |||
C | Validation failure | |||
D | Use of unsupported interface, object domain failure | |||
E | Hardware storage protection error, program constant space violation | |||
F | ICAPI authorization error. | |||
G | ICAPI authentication error. | |||
H | Scan exit program action. | |||
I | System Java inheritance not allowed | |||
J | An attempt was made to submit or schedule a job under a job description which has a user profile specified. The submitter did not have *USE authority to the user profile. | |||
K | An attempt was made to perform an operation for which the user did not have the required special authority. | |||
N | The profile token was not a regenerable profile token. | |||
O | Optical Object Authority failure | |||
P | An attempt was made to use a profile handle that is not valid on the QWTSETP API. | |||
R | Hardware protection error | |||
S | Default signon attempt. | |||
T | Not authorized to TCP/IP port. | |||
U | A user permission request was not valid. | |||
V | The profile token was not valid for generating new profile token. | |||
W | The profile token was not valid for exchange. | |||
X | System violation, see description of AF (Authority Failure) journal entries for details | |||
Y | Not authorized to the current JUID field during a clear JUID operation. | |||
Z | Not authorized to the current JUID field during a set JUID operation. | |||
CV | QASYCVJ4/J5 | E | Connection ended abnormally. | |
R | Connection rejected. | |||
DI | QASYDIJ4/J5 | AF | Authority failures. | |
PW | Password failures. | |||
GR | QASYGRJ4/J5 | F | Function registration operations. | |
KF | QASYKFJ4/J5 | P | An incorrect password was entered. | |
IP | QASYIPJE/J4/J5 | F | Authority failure for an IPC request. | |
PW | QASYPWJE/J4/J5 | A | APPC bind failure. | |
C | CHKPWD failure. | |||
D | An incorrect service tool user ID was entered. | |||
E | An incorrect service tool user ID password was entered. | |||
P | An incorrect password was entered. | |||
Q | Attempted signon (user authentication) failed because user profile was disabled. | |||
R | Attempted signon (user authentication) failed because password was expired. | |||
S | SQL decrypt a password that was not valid. | |||
U | User name not valid. | |||
X | Service tools user is disabled. | |||
Y | Service tools user not valid. | |||
Z | Service tools password not valid. | |||
VC | QASYVCJE/J4/J5 | R | A connection was rejected because of incorrect password. | |
VO | QASYVOJ4/J5 | U | Unsuccessful verification of a validation list entry. | |
VN | QASYVNJE/J4/J5 | R | A network logon was rejected because of expired account, incorrect hours, incorrect user ID, or incorrect password. | |
VP | QASYVPJE/J4/J5 | P | An incorrect network password was used. | |
X1 | QASYX1J5 | F | Delegate of identity token failed. | |
U | Get user from identity token failed. | |||
XD | QASYXDJ5 | G | Group names (associated with DI entry) | |
*CMD 1 | CD | QASYCDJE/J4/J5 | C | A command was run. |
L | An S/36E control language statement was run. | |||
O | An S/36E operator control command was run. | |||
P | An S/36E procedure was run. | |||
S | Command run after command substitution took place. | |||
U | An S/36E utility control statement was run. | |||
*CREATE 2 | AU | QASYAUJ5 | A | Add of an EIM association. |
CO | QASYCOJE/J4/J5 | N | Creation of a new object, except creation of objects in QTEMP library. | |
R | Replacement of existing object. | |||
DI | QASYDIJ4/J5 | CO | Object created. | |
XD | QASYXDJ5 | G | Group names (associated with DI entry) | |
*DELETE 2 | AU | QASYAUJ5 | A | Remove of an EIM association. |
DO | QASYDOJE/J4/J5 | A | Object deleted. | |
C | Pending delete committed. | |||
D | Pending create rolled back. | |||
P | Delete pending. | |||
R | Pending delete rolled back. | |||
DI | QASYDIJ4/J5 | DO | Object deleted. | |
XD | QASYXDJ5 | G | Group names (associated with DI entry) | |
*JOBBAS | JS | QASYJSJ5 | A | The ENDJOBABN command was used. |
B | A job was submitted. | |||
C | A job was changed. | |||
E | A job was ended. | |||
H | A job was held. | |||
I | A job was disconnected. | |||
N | The ENDJOB command was used. | |||
P | A program start request was attached to a prestart job. | |||
Q | Query attributes changed. | |||
R | A held job was released. | |||
S | A job was started. | |||
U | CHGUSRTRC command. | |||
*JOBCHGUSR | JS | QASYJSJ5 | M | Change profile or group profile. |
T | Change profile or group profile using a profile token. | |||
*JOBDTA | JS | QASYJSJE/J4/J5 | A | The ENDJOBABN command was used. |
B | A job was submitted. | |||
C | A job was changed. | |||
E | A job was ended. | |||
H | A job was held. | |||
I | A job was disconnected. | |||
M | Change profile or group profile. | |||
N | The ENDJOB command was used. | |||
P | A program start request was attached to a prestart job. | |||
Q | Query attributes changed. | |||
R | A held job was released. | |||
S | A job was started. | |||
T | Change profile or group profile using a profile token. | |||
U | CHGUSRTRC command. | |||
SG | QASYSGJE/J4/J5 | A | Asynchronous IBM i signal process. | |
P | Asynchronous Private Address Space Environment (PASE) signal processed. | |||
VC | QASYVCJE/J4/J5 | S | A connection was started. | |
E | A connection was ended. | |||
VN | QASYVNJE/J4/J5 | F | Logoff requested. | |
O | Logon requested. | |||
VS | QASYVSJE/J4/J5 | S | A server session was started. | |
E | A server session was ended. | |||
*NETBAS | CV | QASYCVJE/J4/J5 | C | Connection established. |
E | Connection ended normally. | |||
R | Rejected connection. | |||
IR | QASYIRJ4/J5 | L | IP rules have been loaded from a file. | |
N | IP rules have been unloaded for an IP Security connection. | |||
P | IP rules have been loaded for an IP Security connection. | |||
R | IP rules have been read and copied to a file. | |||
U | IP rules have been unloaded (removed). | |||
IS | QASYISJ4/J5 | 1 | Phase 1 negotiation. | |
2 | Phase 2 negotiation. | |||
ND | QASYNDJE/J4/J5 | A | A violation was detected by the APPN Filter support when the Directory search filter was audited. | |
NE | QASYNEJE/J4/J5 | A | A violation is detected by the APPN Filter support when the End point filter is audited. | |
*NETCLU | CU | QASYCUJE/J4/J5 | M | Creation of an object by the cluster control operation. |
R | Creation of an object by the Cluster Resource Group (*GRP) management operation. | |||
*NETCMN | CU | QASYCUJE/J4/J5 | M | Creation of an object by the cluster control operation. |
R | Creation of an object by the Cluster Resource Group (*GRP) management operation. | |||
CV | QASYCVJ4/J5 | C | Connection established. | |
E | Connection ended normally. | |||
IR | QASYIRJ4/J5 | L | IP rules have been loaded from a file. | |
N | IP rule have been unloaded for an IP Security connection. | |||
P | IP rules have been loaded for an IP Security connection. | |||
R | IP rules have been read and copied to a file. | |||
U | IP rules have been unloaded (removed). | |||
IS | QASYISJ4/J5 | 1 | Phase 1 negotiation. | |
2 | Phase 2 negotiation. | |||
ND | QASYNDJE/J4/J5 | A | A violation was detected by the APPN Filter support when the Directory search filter was audited. | |
NE | QASYNEJE/J4/J5 | A | A violation is detected by the APPN Filter support when the End point filter is audited. | |
SK | QASYSKJ4/J5 | A | Accept | |
C | Connect | |||
D | DHCP address assigned | |||
F | Filtered mail | |||
P | Port unavailable | |||
R | Reject mail | |||
U | DHCP address denied | |||
*NETFAIL | SK | QASYSKJ4/J5 | P | Port unavailable |
*NETSCK | SK | QASYSKJ4/J5 | A | Accept |
C | Connect | |||
D | DHCP address assigned | |||
F | Filtered mail | |||
R | Reject mail | |||
U | DHCP address denied | |||
*OBJMGT 2 | DI | QASYDIJ4/J5 | OM | Object rename |
OM | QASYOMJE/J4/J5 | M | An object was moved to a different library. | |
R | An object was renamed. | |||
*OFCSRV | ML | QASYMLJE/J4/J5 | O | A mail log was opened. |
SD | QASYSDJE/J4/J5 | S | A change was made to the system distribution directory. | |
*OPTICAL | O1 | QASY01JE/J4/J5 | R | Open file or directory |
U | Change or retrieve attributes | |||
D | Delete file directory | |||
C | Create directory | |||
X | Release held optical file | |||
O2 | QASY02JE/J4/J5 | C | Copy file or directory | |
R | Rename file | |||
B | Back up file or directory | |||
S | Save held optical file | |||
M | Move file | |||
O3 | QASY03JE/J4/J5 | I | Initialize volume | |
B | Backup volume | |||
N | Rename volume | |||
C | Convert backup volume to primary | |||
M | Import | |||
E | Export | |||
L | Change authorization list | |||
A | Change volume attributes | |||
R | Absolute read | |||
*PGMADP | AP | QASYAPJE/J4/J5 | S | A program started that adopts owner authority. The start entry is written the first time adopted authority is used to gain access to an object, not when the program enters the call stack. |
E | A program ended that adopts owner authority. The end entry is written when the program leaves the call stack. If the same program occurs more than once in the call stack, the end entry is written when the highest (last) occurrence of the program leaves the stack. | |||
A | Adopted authority was used during program activation. | |||
*PGMFAIL | AF | QASYAFJE/J4/J5 | B | A program ran a restricted machine interface instruction. |
C | A program which failed the restore-time program validation checks was restored. Information about the failure is in the Validation Value Violation Type field of the record. | |||
D | A program accessed an object through an unsupported interface or callable program not listed as a callable API. | |||
E | Hardware storage protection violation. | |||
R | Attempt made to update an object that is defined as read-only. (Enhanced hardware storage protection is logged only at security level 40 and higher) | |||
*PRTDTA | PO | QASYPOJE/J4/J5 | D | Printer output was printed directly to a printer. |
R | Output sent to remote system to print. | |||
S | Printer output was spooled and printed. | |||
*PTFOBJ | PU | QASYPUJ5 | D | Directory PTF object was changed. |
L | Library PTF object was changed. | |||
S | LIC PTF object was changed. | |||
*PTFOPR | PF | QASYPFJ5 | I | PTF IPL operation was performed. |
L | PTF product(s) operation was performed. | |||
P | PTF operation was performed. | |||
*SAVRST 2 | OR | QASYORJE/J4/J5 | N | A new object was restored to the system. |
E | An object was restored that replaces an existing object. | |||
RA | QASYRAJE/J4/J5 | A | The system changed the authority to an object being restored. 3 | |
RJ | QASYRJJE/J4/J5 | A | A job description that contains a user profile name was restored. | |
RO | QASYROJE/J4/J5 | A | The object owner was changed to QDFTOWN during restore operation.3 | |
RP | QASYRPJE/J4/J5 | A | A program that adopts owner authority was restored. | |
RQ | QASYRQJE/J4/J5 | A | A *CRQD object with PROFILE(*OWNER) was restored. | |
RU | QASYRUJE/J4/J5 | A | Authority was restored for a user profile using the RSTAUT command. | |
RZ | QASYRZJE/J4/J5 | A | The primary group for an object was changed during a restore operation. | |
O | Auditing of an object was changed with CHGOBJAUD command. | |||
U | Auditing for a user was changed with CHGUSRAUD command. | |||
*SECCFG | AD | QASYADJE/J4/J5 | D | Auditing of a DLO was changed with CHGDLOAUD command. |
O | Auditing of an object was changed with CHGOBJAUD or CHGAUD commands. | |||
S | The scan attribute was changed using CHGATR command or the Qp0lSetAttr API, or when the object was created. | |||
U | Auditing for a user was changed with CHGUSRAUD command. | |||
AU | QASYAUJ5 | E | Enterprise Identity Mapping (EIM) configuration change | |
CP | QASYCPJE/J4/J5 | A | Create, change, or restore operation of user profile when QSYSRESPA API is used. | |
CQ | QASYCQJE/J4/J5 | A | A *CRQD object was changed. | |
CY | QASYCYJ4/J5 | A | Access Control function | |
F | Facility Control function | |||
M | Master Key function | |||
DO | QASYDOJE/J4/J5 | A | Object was deleted not under commitment control | |
C | A pending object delete was committed | |||
D | A pending object create was rolled back | |||
P | The object delete is pending (the delete was performed under commitment control) | |||
R | A pending object delete was rolled back | |||
DS | QASYDSJE/J4/J5 | A | Request to reset DST QSECOFR password to system-supplied default. | |
C | DST profile changed. | |||
EV | QASYEVJ4/J5 | A | Add. | |
C | Change. | |||
D | Delete. | |||
I |
Initialize environment variable space. |
|||
GR | QASYGRJ4/J5 | A | Exit program added | |
D | Exit program removed | |||
F | Function registration operation | |||
R | Exit program replaced | |||
JD | QASYJDJE/J4/J5 | A | The USER parameter of a job description was changed. | |
KF | QASYKFJ4/J5 | C | Certificate operation. | |
K | Key ring file operation. | |||
T | Trusted root operation. | |||
NA | QASYNAJE/J4/J5 | A | A network attribute was changed. | |
PA | QASYPAJE/J4/J5 | A | A program was changed to adopt owner authority. | |
SE | QASYSEJE/J4/J5 | A | A subsystem routing entry was changed. | |
SO | QASYSOJ4/J5 | A | Add entry. | |
C | Change entry. | |||
R | Remove entry. | |||
SV | QASYSVJE/J4/J5 | A | A system value was changed. | |
B | Service attributes were changed. | |||
C | Change to system clock. | |||
E | Change to option | |||
F | Change to system-wide journal attribute | |||
VA | QASYVAJE/J4/J5 | S | The access control list was changed successfully. | |
F | The change of the access control list failed. | |||
V | Successful verification of a validation list entry. | |||
VU | QASYVUJE/J4/J5 | G | A group record was changed. | |
M | User profile global information changed. | |||
U | A user record was changed. | |||
*SECDIRSRV | DI | QASYDIJE/J4/J5 | AD | Audit change. |
BN | Successful bind | |||
CA | Authority change | |||
CP | Password change | |||
OW | Ownership change | |||
PO | Policy change | |||
UB | Successful unbind | |||
*SECIPC | IP | QASYIPJE/J4/J5 | A | The ownership or authority of an IPC object was changed. |
C | Create an IPC object. | |||
D | Delete an IPC object. | |||
G | Get an IPC object. | |||
M | Shared memory attached. | |||
Z | Close an IPC object. | |||
*SECNAS | X0 | QASYX0J4/J5 | 1 | Service ticket valid. |
2 | Service principals do not match. | |||
3 | Client principals do not match. | |||
4 | Ticket IP address mismatch. | |||
5 | Decryption of the ticket failed | |||
6 | Decryption of the authenticator failed | |||
7 | Realm is not within client and local realms | |||
8 | Ticket is a replay attempt | |||
9 | Ticket not yet valid | |||
A | Decrypt of KRB_AP_PRIV or KRB_AP_SAFE checksum error | |||
B | Remote IP address mismatch | |||
C | Local IP address mismatch | |||
D | KRB_AP_PRIV or KRB_AP_SAFE timestamp error | |||
E | KRB_AP_PRIV or KRB_AP_SAFE replay error | |||
F | KRB_AP_PRIV KRB_AP_SAFE sequence order error | |||
K | GSS accept - expired credential | |||
L | GSS accept - checksum error | |||
M | GSS accept - channel bindings | |||
N | GSS unwrap or GSS verify expired context | |||
O | GSS unwrap or GSS verify decrypt/decode | |||
P | GSS unwrap or GSS verify checksum error | |||
Q | GSS unwrap or GSS verify sequence error | |||
*SECRUN | AX | QASYAXJ5 | M | Column mask created, altered, or dropped. |
P | Row permission created, altered, or dropped. | |||
T | Table altered. | |||
CA | QASYCAJE/J4/J5 | A | Changes to authorization list or object authority. | |
OW | QASYOWJE/J4/J5 | A | Object ownership was changed. | |
PG | QASYPGJE/J4/J5 | A | The primary group for an object was changed. | |
X2 | None | Query manager profile was changed. | ||
*SECSCKD | GS | QASYGSJE/J4/J5 | G | A socket descriptor was given to another job. (The GS audit record is created if it is not created for the current job.) |
R | Receive descriptor. | |||
U | Unable to use descriptor. | |||
*SECURITY | AD | QASYADJE/J4/J5 | D | Auditing of a DLO was changed with CHGDLOAUD command. |
O | Auditing of an object was changed with CHGOBJAUD or CHGAUD commands. | |||
S | Scan attribute change by CHGATR command or Qp01SetAttr API | |||
U | Auditing for a user was changed with CHGUSRAUD command. | |||
G | Get user from identity token successful | |||
AU | QASYAUJ5 | E | Enterprise Identity Mapping (EIM) configuration change | |
AX | QASYAXJ5 | M | Column mask created, altered, or dropped. | |
P | Row permission created, altered or dropped. | |||
T | Table altered. | |||
CA | QASYCAJE/J4/J5 | A | Changes to authorization list or object authority. | |
CP | QASYCPJE/J4/J5 | A | Create, change, or restore operation of user profile when QSYRESPA API is used | |
CQ | QASYCQJE/J4/J5 | A | A *CRQD object was changed. | |
CV | QASYCVJ4/J5 | C | Connection established. | |
E | Connection ended normally. | |||
R | Connection rejected. | |||
CY | QASYCYJ4/J5 | A | Access Control function | |
F | Facility Control function | |||
M | Master Key function | |||
DI | QASYDIJ4/J5 | AD | Audit change | |
BN | Successful bind | |||
CA | Authority change | |||
CP | Password change | |||
OW | Ownership change | |||
PO | Policy change | |||
UB | Successful unbind | |||
DO | QASYDOJE/J4/J5 | A | Object was deleted not under commitment control | |
C | A pending object delete was committed | |||
D | A pending object create was rolled back | |||
P | The object delete is pending (the delete was performed under commitment control) | |||
R | A pending object delete was rolled back | |||
DS | QASYDSJE/J4/J5 | A | Request to reset DST QSECOFR password to system-supplied default. | |
C | DST profile changed. | |||
EV | QASYEVJ4/J5 | A | Add. | |
C | Change. | |||
D | Delete. | |||
I |
Initialize environment variable space. |
|||
GR | QASYGRJ4/J5 | A | Exit program added | |
D | Exit program removed | |||
F | Function registration operation | |||
R | Exit program replaced | |||
GS | QASYGSJE/J4/J5 | G | A socket descriptor was given to another job. (The GS audit record is created if it is not created for the current job.) | |
R | Receive descriptor. | |||
U | Unable to use descriptor. | |||
IP | QASYIPJE/J4/J5 | A | The ownership or authority of an IPC object was changed. | |
C | Create an IPC object. | |||
D | Delete an IPC object. | |||
G | Get an IPC object. | |||
JD | QASYJDJE/J4/J5 | A | The USER parameter of a job description was changed. | |
KF | QASYKFJ4/J5 | C | Certificate operation. | |
K | Key ring file operation. | |||
T | Trusted root operation. | |||
NA | QASYNAJE/J4/J5 | A | A network attribute was changed. | |
OW | QASYOWJE/J4/J5 | A | Object ownership was changed. | |
PA | QASYPAJE/J4/J5 | A | A program was changed to adopt owner authority. | |
PG | QASYPGJE/J4/J5 | A | The primary group for an object was changed. | |
PS | QASYPSJE/J4/J5 | A | A target user profile was changed during a pass-through session. | |
E | An office user ended work on behalf of another user. | |||
H | A profile handle was generated through the QSYGETPH API. | |||
I | All profile tokens were invalidated. | |||
M | The maximum number of profile tokens have been generated. | |||
P | Profile token generated for user. | |||
R | All profile tokens for a user have been removed. | |||
S | An office user started work on behalf of another user. | |||
T | Telnet QIBM_QTG_DEVINIT exit program profile swap. | |||
U | Telnet QIBM_QTG_DEVINIT exit program profile override. | |||
V | User profile authenticated. | |||
SE | QASYSEJE/J4/J5 | A | A subsystem routing entry was changed. | |
SO | QASYSOJ4/J5 | A | Add entry. | |
C | Change entry. | |||
R | Remove entry. | |||
SV | QASYSVJE/J4/J5 | A | A system value was changed. | |
B | Service attributes were changed. | |||
C | Change to system clock. | |||
E | Change to option | |||
F | Change to system-wide journal attribute | |||
VA | QASYVAJE/J4/J5 | S | The access control list was changed successfully. | |
F | The change of the access control list failed. | |||
VO | V | Successful verify of a validation list entry. | ||
VU | QASYVUJE/J4/J5 | G | A group record was changed. | |
M | User profile global information changed. | |||
U | A user record was changed. | |||
X0 | QASYX0J4/J5 | 1 | Service ticket valid. | |
2 | Service principals do not match | |||
3 | Client principals do not match | |||
4 | Ticket IP address mismatch | |||
5 | Decryption of the ticket failed | |||
6 | Decryption of the authenticator failed | |||
7 | Realm is not within client and local realms | |||
8 | Ticket is a replay attempt | |||
9 | Ticket not yet valid | |||
A | Decrypt of KRB_AP_PRIV or KRB_AP_SAFE checksum error | |||
B | Remote IP address mismatch | |||
C | Local IP address mismatch | |||
D | KRB_AP_PRIV or KRB_AP_SAFE timestamp error | |||
E | KRB_AP_PRIV or KRB_AP_SAFE replay error | |||
F | KRB_AP_PRIV KRB_AP_SAFE sequence order error | |||
K | GSS accept - expired credential | |||
L | GSS accept - checksum error | |||
M | GSS accept - channel bindings | |||
N | GSS unwrap or GSS verify expired context | |||
O | GSS unwrap or GSS verify decrypt/decode | |||
P | GSS unwrap or GSS verify checksum error | |||
Q | GSS unwrap or GSS verify sequence error | |||
X1 | QASYX1J5 | D | Delegate of identity token successful | |
X2 | None | Query manager profile was changed | ||
*SECVFY | PS | QASYPSJE/J4/J5 | A | A target user profile was changed during a pass-through session. |
E | An office user ended work on behalf of another user. | |||
H | A profile handle was generated through the QSYGETPH API. | |||
I | All profile tokens were invalidated. | |||
M | The maximum number of profile tokens have been generated. | |||
P | Profile token generated for user. | |||
R | All profile tokens for a user have been removed. | |||
S | An office user started work on behalf of another user. | |||
T | Telnet QIBM_QTG_DEVINIT exit program profile swap. | |||
U | Telnet QIBM_QTG_DEVINIT exit program profile override. | |||
V | User profile authenticated. | |||
X1 | QASYX1J5 | D | Delegate of identity token successful | |
G | Get user from identity token successful | |||
*SECVLDL | VO | V | Successful verification of a validation list entry. | |
*SERVICE | ST | QASYSTJE/J4/J5 | A | A service tool was used. |
VV | QASYVVJE/J4/J5 | C | The service status was changed. | |
E | The server was stopped. | |||
P | The server paused. | |||
R | The server was restarted. | |||
S | The server was started. | |||
*SPLFDTA | SF | QASYSFJE/J4/J5 | A | A spooled file was read by someone other than the owner. |
C | A spooled file was created. | |||
D | A spooled file was deleted. | |||
H | A spooled file was held. | |||
I | An inline file was created. | |||
R | A spooled file was released. | |||
S |
A spooled file was saved. |
|||
T |
A spooled file was restored. |
|||
U | A spooled file was changed. | |||
V | Only non-security relevant spooled files attributes changed. | |||
*SYSMGT | DI | QASYDIJ4/J5 | CF | Configuration changes |
CI | Create instance | |||
DI | Delete instance | |||
RM | Replication management | |||
SM | QASYSMJE/J4/J5 | B | Backup options were changed using xxxxxxxxxx. | |
C | Automatic cleanup options were changed using xxxxxxxxxx. | |||
D | A DRDA* change was made. | |||
F | An HFS file system was changed. | |||
N | A network file operation was performed. | |||
O | A backup list was changed using xxxxxxxxxx. | |||
P | The power on/off schedule was changed using xxxxxxxxxx. | |||
S | The system reply list was changed. | |||
T | The access path recovery times were changed. | |||
VL | QASYVLJE/J4/J5 | A | The account is expired. | |
D | The account is disabled. | |||
L | Logon hours were exceeded. | |||
U | Unknown or unavailable. | |||
W | Workstation not valid. | |||
Object Auditing: | ||||
*CHANGE | DI | QASYDIJ4/J5 | IM | LDAP directory import |
ZC | Object change | |||
ZC | QASYZCJ4/J5 | C | Object changes | |
U | Upgrade of open access to an object | |||
AD | QASYADJEJ4/J5 | D | Auditing of an object was changed with CHGOBJAUD command. | |
O | Auditing of an object was changed with CHGOBJAUD command. | |||
S | Scan attribute change by CHGATR command or Qp01SetAttr API | |||
U | Auditing for a user was changed with CHGUSRAUD command. | |||
AU | QASYAUJ5 | E | Enterprise Identity Mapping (EIM) configuration change | |
CA | QASYCAJE/J4/J5 | A | Changes to authorization list or object authority. | |
OM | QASYOMJE/J4/J5 | M | An object was moved to a different library. | |
R | An object was renamed. | |||
OR | QASYORJE/J4/J5 | N | A new object was restored to the system. | |
E | An object was restored that replaces an existing object. | |||
OW | QASYOWJE/J4/J5 | A | Object ownership was changed. | |
PG | QASYPGJE/J4/J5 | A | The primary group for an object was changed. | |
RA | QASYRAJE/J4/J5 | A | The system changed the authority to an object being restored. | |
RO | QASYROJE/J4/J5 | A | The object owner was changed to QDFTOWN during restore operation. | |
RZ | QASYRZJE/J4/J5 | A | The primary group for an object was changed during a restore operation. | |
GR | QASYGRJ4/J5 | F | Function registration operations5 | |
LD | QASYLDJE/J4/J5 | L | Link a directory. | |
U | Unlink a directory. | |||
VF | QASYVFJE/J4/J5 | A | The file was closed because of administrative disconnection. | |
N | The file was closed because of normal client disconnection. | |||
S | The file was closed because of session disconnection. | |||
VO | QASYVOJ4/J5 | A | Add validation list entry. | |
C | Change validation list entry. | |||
F | Find validation list entry. | |||
R | Remove validation list entry. | |||
VR | QASYVRJE/J4/J5 | F | Resource access failed. | |
S | Resource access was successful. | |||
YC | QASYYCJE/J4/J5 | C | A document library object was changed. | |
ZC | QASYZCJE/J4/J5 | C | An object was changed. | |
U | Upgrade of open access to an object. | |||
*ALL 4 | CD | QASYCDJ4/J5 | C | Command run |
DI | QASYDIJ4/J5 | EX | LDAP directory export | |
ZR | Object read | |||
GR | QASYGRJ4/J5 | F | Function registration operations5 | |
LD | QASYLDJE/J4/J5 | K | Search a directory. | |
YR | QASYYRJE/J4/J5 | R | A document library object was read. | |
ZR | QASYZRJE/J4/J5 | R | An object was read. | |
|