IBM Support

Setting Up Security Auditing Using Security Tools

Troubleshooting


Problem

This document describes how to set up security auditing with the SECTOOLS menu.

Resolving The Problem

Many companies using the IBM System i system would like to enforce the system's functionality of security auditing. The easiest way to accomplish this task is via the Security Tools menu (GO SECTOOLS). Take the following steps to set up security auditing:

Note: To make these changes, the user profile must have *ALLOBJ and *AUDIT special authority.

o From an operating system command line, type the following:
  
GO SECTOOLS


Press the Enter key.
o Options 10 and 11 deal with auditing, and fall under the Work with auditing heading.
o Select option 11 to display your current settings. (Press the Enter key to bypass the DSPSECAUD screen.)
o If your system is not set up for auditing, you will see a screen like the following.

This screen shows Current Security Auditing Values. It shows if the journal exists, what QAUDCTL is set to and what QAUSLVL is set to.
o Press F12 to Cancel and get back to the security tools menu.
o Select Option 10 to change the auditing.  This option calls the CHGSECAUD command.
o Set the QAUDCTL value to the setting you desire (the common setting is *AUDLVL).
o Set the QAUDLVL value to the setting you desire. For example, if you want to monitor for delete functions you would enter *DELETE. If you want authority information you would enter *AUTFAIL or *SECURITY, and so on.
o Lastly, the initial journal receiver should be set to AUDRCV0001.
o Once these changes are made you can display the settings via option 11 again. You should see a screen like the figure below:

This screen shows the Current Security Auditing System Values again. After the change, you should see that QAUDCTL is set to *AUDLVL and QAUDLVL *AUTFAIL and *SECURITY
o Once auditing is set up, you can use Option 22 from the security toolkit, or type the command CPYAUDJRNE to display the entries in the audit journal (QAUDJRN).
o If you need to find further information on the actual entry types and functions behind the different audit options, refer to the Security Reference manual

[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0;7.1.0;7.2.0;7.3.0;7.4.0;7.5.0"}]

Historical Number

20603533

Document Information

More support for:
IBM i

Component:
Security

Software version:
6.1.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.5.0

Operating system(s):
IBM i

Document number:
641621

Modified date:
08 October 2024

UID

nas8N1017678

Manage My Notification Subscriptions

Page Feedback