IBM Support

Keeping track of DRDA command usage

Question & Answer


Question

How do I keep track of DRDA command usage on my IBM i?

Answer

These instructions will allow IBM i administrators to audit usage of DRDA related commands on the system:

Note: You can skip steps 1-3 if you already have Auditing Turned on the System.

1. Create a library for the journal and receiver

CRTLIB AUDITJRN


2. Create the journal receiver

Note: Do not put journal receivers in QSYS

CRTJRNRCV  JRNRCV(AUDITJRN/AUDRCV0001)                    
                   THRESHOLD(100000) AUT(*EXCLUDE)        
                   TEXT('Auditing Journal Receiver')


3. Create QAUDJRN journal

CRTJRN  JRN(QSYS/QAUDJRN)                                            
               JRNRCV(AUDITJRN/AUDRCV0001)                          
               MNGRCV(*SYSTEM) DLTRCV(*NO)                  
               AUT(*EXCLUDE) TEXT('Auditing Journal')


4. Start auditing to QAUDJRN

Note: You will want to see what the current values are of QAUDCTL and QAUDLVL so as not to overwrite current settings.

DSPSYSVAL QAUDCTL ----> must have *AUDLVL
CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*AUDLVL)
DSPSYSVAL QAUDLVL -----> must have *SYSMGT
CHGSYSVAL SYSVAL(QAUDLVL) VALUE(*SYSMGT)

Note: If you already have auditing on the system, you can just add the *SYSMGT to QAUDLVL

***Utilize a DRDA command such as CHGDDMTCPA***


5. Displaying audit entries

DSPJRN JRN(QAUDJRN) JRNCDE((T)) ENTTYP(SM)
option 5=Display entire entry
and <F10> to display details.

...alternatively:
DSPJRN JRN(QAUDJRN) JRNCDE((T)) ENTTYP(SM) OUTPUT(*PRINT)


Understanding the SM journal entry

The entry specific data for each SM entry will have DA, DC, DR, DT for ADDRDBDIRE, CHGRDBDIRE, RMVRDBDIRE, DSPRDBDIRE respectively.

DT and DC will also be used for CHGDDMTCPA command for a retrieve and change operation on the PWDRQD and ENCALG parameters. CHGDDMTCPA entries will list the *LOCAL RDB name in the Entry specific data.

The "Audit Journal Entry Type" is: (SM) - Systems Management Change
The "Function Accessed" is: D (DRDA).
The "Access Type" is: A (Add), C (Change), R (Remove), T (Retrieve or receive)

For details, see SM (Systems Management Change) journal entries:

http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzarl/rzarlf58.htm


Turning QAUDJRN journaling off :

CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*NONE)
CHGSYSVAL SYSVAL(QAUDLVL) VALUE(*NONE)
DLTJRN JRN(QSYS/QAUDJRN)    
DLTJRNRCV JRNRCV(AUDITJRN)
DLTLIB LIB(AUDITJRN)

[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
18 December 2019

UID

nas8N1022344

Page Feedback