News
Abstract
This group of table functions provides detailed information for audit journal entries.
Content
You are in: IBM i Technology Updates > Db2 for i - Technology Updates > IBM i Services (SQL) > Audit journal entry services
For complete detail, visit this IBM Documentation page: Audit journal entry services
To confirm that security is setup to generate the audit journal entries, use QSYS2.SECURITY_INFO.
select count(*) as "AF_and_PW_enabled?"
from qsys2.security_info
where (auditing_control like '%*AUDLVL%') and
((auditing_level like '%*AUTFAIL%') or
(auditing_level like '%*AUDLVL2%' and
auditing_level_extension like '%*AUTFAIL%'));
from qsys2.security_info
where (auditing_control like '%*AUDLVL%') and
((auditing_level like '%*AUTFAIL%') or
(auditing_level like '%*AUDLVL2%' and
auditing_level_extension like '%*AUTFAIL%'));
select count(*) as "CA_and_OW_enabled?"
from qsys2.security_info
where (auditing_control like '%*AUDLVL%') and
((auditing_level like '%*SECURITY%') or (auditing_level like '%*SECRUN%') or
(auditing_level like '%*AUDLVL2%' and
(auditing_level_extension like '%*SECURITY%') or (auditing_level_extension like '%*SECRUN%')));
from qsys2.security_info
where (auditing_control like '%*AUDLVL%') and
((auditing_level like '%*SECURITY%') or (auditing_level like '%*SECRUN%') or
(auditing_level like '%*AUDLVL2%' and
(auditing_level_extension like '%*SECURITY%') or (auditing_level_extension like '%*SECRUN%')));
Example usage:
--
-- Review a summary of the password failures, which occurred in the last 24 hours
--
select VIOLATION_TYPE_DETAIL, AUDIT_USER_NAME, count(*) as pw_failures
from table (
SYSTOOLS.AUDIT_JOURNAL_PW(STARTING_TIMESTAMP => current timestamp - 24 hours)
) pw
group by VIOLATION_TYPE_DETAIL, AUDIT_USER_NAME
order by 3 desc;
-- Review a summary of the password failures, which occurred in the last 24 hours
--
select VIOLATION_TYPE_DETAIL, AUDIT_USER_NAME, count(*) as pw_failures
from table (
SYSTOOLS.AUDIT_JOURNAL_PW(STARTING_TIMESTAMP => current timestamp - 24 hours)
) pw
group by VIOLATION_TYPE_DETAIL, AUDIT_USER_NAME
order by 3 desc;
Enhanced with IBM i 7.5 SF99950 Level 7 & IBM i 7.4 SF99704 Level 28:
- Performance improved for the AU, AX, CP, EV, GR, OM, and ZC audit journal entry services
- Add more helper functions for NA and PS audit journal entry types
Enhanced with IBM i 7.5 SF99950 Level 5 & IBM i 7.4 SF99704 Level 26:
- Add more helper functions for AU and LD audit journal entry types
Enhanced with IBM i 7.5 SF99950 Level 4 & IBM i 7.4 SF99704 Level 25:
- Add more helper functions for AP, AX, OR, PA, PF, PU, RA, RO, and RZ audit journal entry types
Enhanced with IBM i 7.5 SF99950 Level 2 and IBM i 7.4 SF99704 Level 23:
- Add more helper functions for AD, DS, IM, PG, SK, SM, ZC, and ZR audit journal entry types
Enhanced with IBM i 7.5 SF99950 Level 1, IBM i 7.4 SF99704 Level 20, and IBM i 7.3 SF99703 Level 28:
- Add more helper functions for JS, ST, and OM audit journal entry types
Enhanced with IBM i 7.4 SF99704 Level 15 and IBM i 7.3 SF99703 Level 26:
- Add more helper functions for CD, CO, CP, DO, EV, GR, and SV audit journal entry types
- In IBM i 7.4, add helper functions for IBM Db2 Mirror for i, M0, M6, M7, M8, and M9 audit journal entry types
Enhanced with IBM i 7.4 SF99704 Level 13 and IBM i 7.3 SF99703 Level 24:
- Add the first set of helper functions for AF, CA, OW, and PW audit journal entry types
[{"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB68","label":"Power HW"}}]
Was this topic helpful?
Document Information
Modified date:
23 April 2024
UID
ibm16442047