The Scan Audit Log command provides a different method of displaying
or listing audit entries from the Audit Log data base file provided
by the AUDLOG tool. In addition to standard selection fields such as
date, time, user profile, etc, SCNAUDLOG allows a search on the entry
data field. This can be particularly helpful for the 'T' Journal
code (audit entries) where most of the data is in the entry data
You must be using the AUDLOG tool which provides conversion from the
QAUDJRN journal entries to the AUDLOG data base files. You must have
*USE authority to the AUDLOGP file.
A typical SCNAUDLOG command would be:
If you had been auditing the PAYROLL file for *CHANGE action (see the
later discussion), you would see all of the current entries for
changes to the PAYROLL file. A display would appear that is similar
to that used by DSPAUDLOG for the audit entries containing the value
'PAYROLL' in the entry data. A listing may be optionally output.
Note that though the AUDLOGP file has a field for object name
(AUOBJ), most of the audit entries do not fill this field. Instead,
the name of the object is within in the entry data field.
Auditing journal entries are optional and occur if you have specified
auditing system values and the CHGOBJAUD or CHGUSRAUD commands. For
an overview of auditing on the system, see the TAA documentation
SCNAUDLOG escape messages you can monitor for
None. Escape messages from based on functions will be re-sent.
SCNAUDLOG Command parameters *CMD
SEARCH The value to be searched for in the entry data field
of the converted journal entry. *ALL is the default
to request any entries that match the other
The field that is scanned is the AUDATA field in
AUDLOGP. AUDLOGP must be created by the CRTAUDLOG
command of the AUDLOG tool. This field is a fixed
length field in AUDLOGP. You can vary the length of
AUDATA for all records by use of the ENTDTALEN
parameter on CRTAUDLOG. If the field length is
shorter than the entry data of the journal entry,
truncation will occur and any excess data will not
be scanned for.
AUDLOGLIB The library where the AUDLOGP file exists. *LIBL is
the default. A specific name or *CURLIB may be
The AUDLOGP file must be created by the AUDLOG tool
(CRTAUDLOG command) and entries must be converted to
the AUDLOGP file using one of the CVTAUDLOG
PERIOD The Begin/End Date/Time values to select on.
The 'Beginning time' value defaults to *AVAIL
meaning the Begin Time value is not considered. If
a time is entered, it is used in conjunction with
the 'Beginning Date' to determine selection.
The 'Beginning Date' value defaults to *CURRENT
meaning the current date. *BEGIN may be entered to
mean the first record in the AUDLOGP file. If a
date is entered, it must be in job format and is
used in conjunction with the 'Beginning Time' to
The 'Ending time' value defaults to *AVAIL meaning
the End Time value is not considered. If a time is
entered, it is used in conjunction with the 'Ending
Date' to determine selection.
The 'Ending Date' value defaults to *END meaning the
End Date value is not considered. If a date is
entered it must be in job format, and is used in
conjunction with the 'Ending Time' to determine
JOB The job name to be selected. *ALL is the default
meaning all jobs.
USER The user profile to be selected. *ALL is the
default meaning all user profiles.
The user is the one who caused the entry and may not
be the user of the job. If a user profile swap
occurs, the user name will differ from the user name
of the qualified job name.
BYPUSER A list of up to 10 user profile names that will be
bypassed. *NONE is the default meaning no user
profile names are bypassed.
If a user profile name is entered, it is not checked
to see if it exists or is in conflict with the user
name in the USER parameter.
JRNCDE A 3 part parameter to select the journal code, type,
*ALL is the default for journal code meaning all
journal codes. This will include some general
journal codes such as 'J' meaning the entry relates
to the journal. The journal code for audit entries
*ALL is the default for journal entry types meaning
all journal entry types such as 'AF' for audit
failure. A specific entry type may be named.
*ALL is the default for journal entry sub type
meaning all sub types. A specific sub type type may
be named. Only the journal entries of JOCODE = T,
provide a sub type.
If a sub type is entered, the journal code and
journal type may not be *ALL.
PGM The program that caused the entry. The default is
*ALL meaning all programs are considered.
In some entries the program name may be blank. If a
command is entered from a command entry display, the
program may appear as QCMD or the program name of a
higher program in the stack.
SYSTEM The system name on which the entry occurred. The
default is *CURRENT meaning the current system.
The AUDLOG tool allows the entries from multiple
systems to be placed in a single AUDLOGP file.
OUTPUT How to output the results. * is the default to
display the entries if the command is entered
If the command is entered in batch or *PRINT is
specified, a spooled file is output.
You must be using the AUDLOG tool.
The following TAA Tools must be on your system:
AUDLOG Audit log
CRTDUPPF Create duplicate data base file
CVTDAT Convert date
CVTDSPDTA Convert display data
CVTTIM Convert time
DSPDBFDTA Display data base file data
DSPJRNCDE Display journal code
EDTVAR Edit variable
FILEFDBCK File feedback
HLRMVMSG HLL Remove message
RTVDAT Retrieve date
RTVSYSVAL3 Retrieve system value 3
SNDCOMPMSG Send completion message
SNDESCINF Send escape information
SNDESCMSG Send escape message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
SCNAUDLOG *CMD TAASEHJ QATTCMD
TAASEHJC *PGM CLP TAASEHJC QATTCL
TAASEHJR *PGM RPG TAASEHJR QATTRPG
TAASEHJR2 *PGM RPG TAASEHJR2 QATTRPG
TAASEHJD *FILE DSPF TAASEHJD QATTDDS