Kisco Systems

Kisco U

Audit journal record types

We absolutely recommend enabling the IBM i's built-in audit journal security feature. As with any journaling technology from IBM, the raw audit journal data can be incomprehensible, and IBM logs a lot of data points, probably to support its own troubleshooting and support requirements. The entries are logged as various record types, each identified by a two-character type code. From a security monitoring and alerting perspective, we only really care about a subset of these records.

List of audit journal record type codes

  • AD - Auditing changes
  • AF - Authority failures
  • AX - Row/Column Access
  • CD - Command line use
  • CP - User profile changes
  • DO - Deleted objects
  • DS - DST password reset
  • EV - Environment variables
  • OW - Object ownership changes
  • PS - Profile swaps
  • PW - Invalid passwords
  • SK - Secure socket connections
  • SO - Security actions
  • ST - Service tools use
  • SV - System value changes

Enabling audit journal features

Not all of these codes are supported "out of the box." Many of the codes have to be enabled by adjusting security system values. The system audit value QAUDLVL (or QAUDLVL2, depending on your system configuration) will need to be set for the various audit functions to work:

  • AD - Auditing changes - *SECURITY or *SECCFG
  • AF - Authority failures - *AUTFAIL
  • AX - Row and column access control - *SECURITY or *SECRUN
  • CP - User profiles changed, created or restored - *SECURITY or *SECCFG
  • DO - Object Deletes - *SECURITY or *DELETE set for individual object auditing
  • DS - DST password reset - *SECURITY or *SECCFG
  • EV - System environment variables - *SECURITY or *SECCFG
  • OW - Object ownership changes - *SECURITY, *SECDIRSRV, *SECRUN or *CHANGE set for individual object auditing
  • PS - Profile swaps - *SECURITY or *SECVFY
  • PW - Invalid passwords - *AUTFAIL
  • SK - Secure socket connections - *NETCMN, *NETFAIL, *NETSCK, *NETSECURE, *NETTELSVR or *NETUDP
  • SO - Server security user information actions - *SECURITY or *SECCFG
  • ST - Use of service tools - *SERVICE
  • SV - System value changes - *SECURITY or *SECCFG
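
The list above can be turned into a coverage check. This is an added example, not Kisco or IBM code: paste in the QAUDLVL and QAUDLVL2 values (for instance as shown by DSPSYSVAL) and it reports which record types will be journaled. The function names and sample values are constructed for illustration, and the rule that QAUDLVL2 only takes effect when QAUDLVL contains *AUDLVL2 is IBM i behaviour that the page does not spell out.

```python
# Added example: record type -> QAUDLVL/QAUDLVL2 values, copied from the list above.
SEC_CFG = {"*SECURITY", "*SECCFG"}
REQUIRED = {
    "AD": SEC_CFG, "CP": SEC_CFG, "DS": SEC_CFG, "EV": SEC_CFG,
    "SO": SEC_CFG, "SV": SEC_CFG,
    "AF": {"*AUTFAIL"}, "PW": {"*AUTFAIL"},
    "AX": {"*SECURITY", "*SECRUN"},
    "DO": {"*SECURITY", "*DELETE"},
    "OW": {"*SECURITY", "*SECDIRSRV", "*SECRUN", "*CHANGE"},
    "PS": {"*SECURITY", "*SECVFY"},
    "SK": {"*NETCMN", "*NETFAIL", "*NETSCK", "*NETSECURE", "*NETTELSVR", "*NETUDP"},
    "ST": {"*SERVICE"},
    "CD": set(),  # the page lists no system value for CD
}
OBJECT_AUDITED = {"DO", "OW"}  # page: may also come from individual object auditing

def effective_values(qaudlvl, qaudlvl2=""):
    """Audit values in force. Assumption: QAUDLVL2 is honoured only when
    QAUDLVL itself contains *AUDLVL2."""
    lvl = set(qaudlvl.upper().split())
    lvl2 = set(qaudlvl2.upper().split()) if "*AUDLVL2" in lvl else set()
    return (lvl | lvl2) - {"*NONE", "*AUDLVL2"}

def ignored_qaudlvl2(qaudlvl, qaudlvl2):
    """QAUDLVL2 values that are set but have no effect."""
    set2 = set(qaudlvl2.upper().split()) - {"*NONE"}
    return sorted(set2 - effective_values(qaudlvl, qaudlvl2))

def coverage(qaudlvl, qaudlvl2=""):
    """Map each record type to a status string for a monitoring gap report."""
    active = effective_values(qaudlvl, qaudlvl2)
    report = {}
    for code, needed in sorted(REQUIRED.items()):
        hit = sorted(needed & active)
        if hit:
            report[code] = "enabled by " + ", ".join(hit)
        elif code in OBJECT_AUDITED:
            report[code] = "object-level auditing only"
        elif not needed:
            report[code] = "no system value listed"
        else:
            report[code] = "missing, needs one of: " + ", ".join(sorted(needed))
    return report

if __name__ == "__main__":
    lvl, lvl2 = "*AUTFAIL *SERVICE", "*SECCFG *NETSCK"  # constructed sample values
    for code, status in coverage(lvl, lvl2).items():
        print(code, "-", status)
    print("QAUDLVL2 values not in effect:", ignored_qaudlvl2(lvl, lvl2))
```

With the constructed sample, the *SECCFG and *NETSCK values in QAUDLVL2 are reported as not in effect because QAUDLVL lacks *AUDLVL2, so the record types that depend on them show up as gaps.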

More information about security system values