The system audit value QAUDLVL (or QAUDLVL2 depending on your system configuration) will be need to set for the various audit functions to work. Here is a list of the Audit Codes in iEventMonitor along with the system audit values that will cause them to be activated:
AD - Auditing changes - *SECURITY or *SECCFG
AF - Authority failures - *AUTFAIL
AX - Row and column access control - *SECURITY or *SECRUN
CD - Command line use for registered user profiles - Controlled by iEventMonitor, no system audit value needed
CP - User profiles changed, created or restored - *SECURITY or *SECCFG
DO - Object Deletes - *SECURITY or *DELETE set for individual object auditing
DS - DST password reset - *SECURITY or *SECCFG
EV - System environment variables - *SECURITY or *SECCFG
OW - Object ownership changes - *SECURITY, *SECDIRSRV, *SECRUN or *CHANGE set for individual object auditing
PS - Profile swaps - *SECURITY or *SECVFY
PW - Invalid passwords - *AUTFAIL
SK - Secure socket connections - *NETCMN, *NETFAIL, *NETSCK, *NETSECURE, *NETTELSVR or *NETUDP
SO - Server security user information actions - *SECURITY or *SECCFG
ST - Use of service tools - *SERVICE
SV - System value changes - *SECURITY or *SECCFG