Creating a Signon/Signoff report for Interactive Users using Audit Value *JOBDTA

Objective

Create a Signon/Signoff Report for auditors.

Answer

The Audit Value *JOBDTA can be used to track the start and end of interactive jobs on  the System, this document uses that data to create an SQL report that would show Signon/Signoff for interactive users.

Note 1:  This document can only be used for Interactive Sessions, it does not provide data when the user Signs onto the system via other interfaces. 

Note 2: The Auditing Value *JOBBAS can also be used to create his report.  

To get started, make sure that your System Value QAUDLVL already contains the *JOBDTA or *JOBBAS value, if the value is not listed, you can use the following command to add it: 

• CHGSECAUD Press F4 and add it to your current QAUDLVL system value.

Note 1: Use the command DSPSECAUD to verify your current Audit Values.
Note 2: If Security Auditing is not turned on your system, refer to the following document to start the auditing process:

• http://www.ibm.com/support/docview.wss?uid=nas8N1017678

Once the system has been tracking Job Data information, you can get started using the following commands:

Method 1: For Releases 7.3, 7.4, 7.5, 7.6

Using the SQL Service AUDIT_JOURNAL_JS table function to create a report that contains invalid sign-on attempts for users.

 The AUDIT_JOURNAL_JS table function returns rows from the audit journal that contain information from the JS (Job Change) journal entries.

Every audit journal table function shares a common authorization requirement and a common set of parameters. These are described in AUDIT JOURNAL table function common information.

Note:   This method is only available on 7.3 and later versions of the Operating System.  For older releases, follow Method 2.

Using the ACS "Run SQL Scripts" tool, run the following SQL Statement:

SELECT ENTRY_TIMESTAMP,
       JOB_NAME,
       JOB_USER,
       JOB_NUMBER,
       ENTRY_TYPE,
       ENTRY_TYPE_DETAIL,
       JOB_TYPE,
       REMOTE_ADDRESS,
       SYSTEM_NAME
    FROM TABLE (
            SYSTOOLS.AUDIT_JOURNAL_JS(STARTING_TIMESTAMP => '2024-08-05 00:00:00.000000', 
            ENDING_TIMESTAMP => '2024-08-06 12:30:00')-- Mofify the time/date stamps
        )
    WHERE JOB_TYPE = 'INT'
          AND ENTRY_TYPE IN ('S', 'E')

Report produced by the sample SQL:

Note 1:   Where Entry type "S" is the start of an interactive session for the user and Entry type "E" is the end of the interactive session.  

Method 2: For Older Releases of the Operating System. 

Step 1: On the operating system command line, type the following command and press the Enter key.
 

CPYAUDJRNE ENTTYP(JS) 

Note 1: Press F4 to specify date and time range criteria and also specify a different library if you would like to save the file on a library of your own.  Make sure that you use the *CURCHAIN for the parameter Starting journal receiver if you wish to generate a report that contains data from multiple journal receivers.   Such as this:

CPYAUDJRNE ENTTYP(JS) JRNRCV(*CURCHAIN) FROMTIME('date' 'time') TOTIME('date' 'time') OUTFILE(yourlib/QAUDIT) 

Step 2: On the operating system command line, type the following commands and press the Enter key.

STRSQL to get to the interactive SQL command line. Then type the following:

  SELECT JSJUSR,
       JSTSTP,
       JSRADR,
       JSJOB,
       JSETYP
    FROM QTEMP/QAUDITJS
    WHERE JSJTYP = 'I'
          AND JSETYP = 'S'
          OR JSETYP = 'E'
          AND JSJTYP <> 'B'
          AND JSJTYP <> 'A'
          AND JSJTYP <> 'M'
          AND JSJTYP <> 'W'

Note 1: Replace the name of the library QTEMP if you specified a different library on step 1

Report produced by the sample SQL:

Note 1:   Where Entry type "S" is the start of an interactive session for the user and Entry type "E" is the end of the interactive session.