About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
This document provides information on using object auditing to track use of print-related commands.
Resolving The Problem
This document provides information on using object auditing to track use of print-related commands, such as the following:
| Output Queue commands | Change Output Queue (CHGOUTQ) |
| Clear Output Queue (CLROUTQ) | |
| Delete Output Queue (DLTOUTQ) | |
| Hold Output Queue (HLDOUTQ) | |
| Release Output Queue (RLSOUTQ) | |
| Work with Output Queue (WRKOUTQ) | |
| Device Description commands | Create Device Desc (Printer) (CRTDEVPRT) |
| Change Device Desc (Printer) (CHGDEVPRT) | |
| Delete Device Description (DLTDEVD) | |
| Display Device Description (DSPDEVD) | |
| Work with Device Descriptions (WRKDEVD) | |
| Printer File commands | Change Printer File (CHGPRTF) |
| Create Printer File (CRTPRTF) | |
| Override with Printer File (OVRPRTF) | |
| Writer commands | Start Print Writer (STRPRTWTR) |
| Start Remote Writer (STRRMTWTR) | |
| End Writer (ENDWTR) | |
| Change Writer (CHGWTR) | |
| Hold Writer (HLDWTR) | |
| Release Writer (RLSWTR) | |
| Work with Writers (WRKWTR) | |
| Spooled File commands | Change Spooled File Attributes (CHGSPLFA) |
| Display Spooled File (DSPSPLF) | |
| Delete Expired Spooled files (DLTEXPSPLF) | |
| Delete Spooled File (DLTSPLF) | |
| Hold Spooled File (HLDSPLF) | |
| Release Spooled File (RLSSPLF) | |
| Send Network Spooled File (SNDNETSPLF) | |
| Send TCP/IP Spooled File (SNDTCPSPLF) | |
| Work with Printing Status (WRKPRTSTS) | |
| Work with Spooled Files (WRKSPLF) | |
| Work with Spooled File Attributes (WRKSPLFA) |
This document was last updated on 21 October 2013.
Using Object Auditing to Track Use of Print-Related Commands
Note: This document is not intended to contain complete information regarding setting up object auditing. For detailed information on system auditing, it is recommended that you refer to Chapter 9, Auditing Security on the AS/400 System, in the AS/400e Security - Reference (SC41-5302-04). This manual is available in PDF format through the IBM iSeries Online Library (http://publib.boulder.ibm.com/pubs/html/as400/onlinelib.htm) or can be downloaded directly at the following Web site:
http://publib.boulder.ibm.com/pubs/pdfs/as400/V4R5PDF/C4153024.PDF
For detailed information on setting up security auditing, please refer to the following document:
N1018413: Security: Object Auditing
To set up object auditing for the use of any print-related commands, do the following:
| 1. | Use the Create Journal Receiver (CRTJRNRCV) and Create Journal (CRTJRN) commands to set up the journal receiver and journal needed for system auditing. For more information, please refer to the following document: N1014712: Setting Up Security Auditing |
| 2. | Use the following Work with System Value (WRKSYSVAL) command to work with the system values associated with security auditing: WRKSYSVAL SYSVAL(QAUD*) Use Option 2 (Change) and Option 5 (Display) as necessary to make sure that the QAUDCTL (Auditing control) system value includes *OBJAUD. |
| 3. | Use the Change Object Auditing (CHGOBJAUD) command to set the Object auditing value (OBJAUD) parameter to *ALL for any print-related commands that you want to track. Some examples include the following: |
| Example 1: To track an issue where output queues are being released and writers are being started unexpectedly, use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/RLSOUTQ) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/STRPRTWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/STRRMTWTR) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| Example 2: To track the creation of printer device descriptions and Remote Output Queues (RMTOUTQs), use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/CRTOUTQ) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/CRTDEVPRT) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| Example 3: To track when users are working with writers, and when writers are started, ended, changed, held and released, use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/WRKWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/STRPRTWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/STRRMTWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/ENDWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/CHGWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/HLDWTR) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/RLSWTR) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| Example 4: To track when users are working with output queues, or spooled files, use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/WRKOUTQ) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/WRKSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/WRKPRTSTS) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/WRKSPLFA) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/CHGSPLFA) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/DSPSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/DLTSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/HLDSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/RLSSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/DLTEXPSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/SNDNETSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/SNDTCPSPLF) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| Example 5: To track when users create or change a printer file, use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/CRTPRTF) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/CHGPRTF) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| Example 6: To track when users create, change or delete a printer device description, use the following CHGOBJAUD commands: CHGOBJAUD OBJ(QSYS/CRTDEVPRT) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/CHGDEVPRT) OBJTYPE(*CMD) OBJAUD(*ALL) CHGOBJAUD OBJ(QSYS/DLTDEVD) OBJTYPE(*CMD) OBJAUD(*ALL) | |
| 4. | Type GO SECTOOLS on an IBM operating system command line to bring up the Security Tools menu; then take Option 11 (Display security auditing) to make sure that security auditing is set up correctly. |
| 5. | If diagnosing a particular problem, reproduce the problem at this point or wait for the problem to occur. |
| 6a. | After the problem has occurred, you can use the Display Audit Journal Entry (DSPAUDJRNE) command to write any command string (CD) journal entries to a spooled file. However, the DSPAUDJRNE command is not supported, for example: DSPAUDJRNE ENTTYP(CD) JRNRCV(*CURCHAIN) FROMTIME('07/21/08' '08:00:00') OUTPUT(*PRINT) DSPAUDJRNE ENTTYP(CD) JRNRCV(*CURCHAIN) FROMTIME('07/21/08' '08:00:00') OUTPUT(*) |
| 6b. | You can also use the Display Journal (DSPJRN) command to write any command string (CD) journal entries to a spooled file, for example: DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) FROMTIME('07/21/08' '08:00:00') JRNCDE(*ALL) ENTTYP(CD) JOB(*ALL) OUTPUT(*PRINT) DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) FROMTIME('07/21/08' '08:00:00') JRNCDE(*ALL) ENTTYP(CD) JOB(*ALL) OUTPUT(*) |
| 6c. | Another alternative is to output the CD journal entries to an OUTFILE and then create a query to select and sequence whichever fields you need to display, for example: DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) FROMTIME('07/21/08' '08:00:00') JRNCDE(*ALL) ENTTYP(CD) JOB(*ALL) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE1) OUTFILE(library-name/outfile-name) |
N1019650: Security: User Auditing Example
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1.0"}]
Historical Number
497310658
Was this topic helpful?
Document Information
Modified date:
18 December 2019
UID
nas8N1018707
Manage My Notification Subscriptions