The Audit Log tool is a series of commands that let you work with the
audit log entries from the QAUDJRN journal. You may either display
the entries using several different access paths or print the entries
using different selection and sequencing criteria. Audit logs from
multiple systems may be stored in the same data base.
The QAUDJRN journal entries must be converted to a data base file
before the display or print functions may be used. Special commands
exist to create the required data base files and convert the
journal.
See also the SCNAUDLOG tool.
Size of journal entry data
--------------------------
The default when using CRTAUDLOG is to create the AUDATA field in
AUDLOGP as a 102 byte field. This will contain the journal entry
data. Some journal entries have a larger amount of entry data than
102 bytes.
You may make the AUDLOGP field larger by specifying a longer length
on the CRTAUDLOG command.
You can determine how long the field should be by using:
DSPJRN - you may need RCVRNG(*CURCHAIN)
When the display appears, use Option 5 to display an entry that you
want to capture all the entry data for. When the display appears,
use F15 to see a display of just the entry data and determine how
many bytes exist.
Repeat the use of Option 5 and F15 for other journal entries until
you are satisfied with the length you want to capture.
If you have already created the AUDLOG files using CRTAUDLOG and want
to make the file larger, see the section on 'Converting to a longer
or shorter entry data length'.
Creating the Audit Log Journal
------------------------------
If you have not already created the Audit Log journal and specified
the QAUDLVL system value, do the following steps as the Security
Officer (the library QGPL is used for the Journal receiver, but any
user library may be used):
** Create a journal receiver:
CRTJRNRCV JRNRCV(QGPL/AUD00001)
TEXT('Audit log receiver')
The Audit Log tool does not require a special naming
convention for the journal receivers. However, a convention
such as AUD00001 is recommended.
** Create the Audit Log journal (it must have the name QAUDJRN
and exist in QSYS):
CRTJRN JRN(QSYS/QAUDJRN)
TEXT('Audit log journal')
** Check the system value QAUDLVL with WRKSYSVAL. You must have
some entries to cause auditing. See the description of
possible entries and enter your required values such as
*AUTFAIL. You should also review the possible choices with
the QAUDCTL system value.
Creating the required data base files
-------------------------------------
The CRTAUDLOG command creates the files used by the AUDLOG function.
A typical command would be:
CRTAUDLOG AUDLOGLIB(xxx) ENTDTALEN(nnn)
where nnn is the length of the journal entry data to capture.
Using more than the 102 byte default will allow you to capture more
of the entry data for some journal entries. However, this will
increase the size of the file as the AUDATA field is a fixed length
field.
You can have multiple sets of audit log files, but only one set per
library. A single physical file AUDLOGP is created and 5 logical
files.
If you have created the required files and then wish to delete them,
the special command DLTAUDLOG should be used.
Converting the journal entries
------------------------------
You need to convert the journal entries to the data base files before
displaying or printing them. To convert the QAUDJRN entries from
your own system specify:
CVTAUDLOG AUDLOGLIB(xxx)
CVTAUDLOG should be run on a regular basis such as once or twice a
day. If you have a 'start of day' or 'end of day' procedure,
CVTAUDLOG could be included in it or run as a 'time dependent
scheduling' job.
If you change the audit journal receiver at the end of the day, you
should follow this process with a CVTAUDLOG command.
An option exists on CVTAUDLOG to allow a new journal receiver to be
generated. You may use this option on CVTAUDLOG and then a command
like the TAA Tool MTNJRN to delete the old receivers.
CVTAUDLOG has the smarts to determine the last entry that was
converted for the current system and will only convert the journal
entries that have occurred after that point. Therefore, you may run
CVTAUDLOG whenever required to convert the current entries without
concerning yourself about duplicating the entries.
The process that CVTAUDLOG uses is to determine the last entry that
was converted previously. The journal receiver containing the entry
will be converted to a data base file and read. Conversion to the
audit log file does not start until entries which do not exist in the
audit log file are read. Therefore, to minimize conversion of the
journal receivers during your regular use of CVTAUDLOG, you should
switch to a new receiver before using CVTAUDLOG. This causes both
the old and new receivers to be read. Once the entries from the old
receiver have been converted, the old receiver will never be
converted again.
In V5R3, the system CRTJRN command changed the default of MNGRCV to
*SYSTEM. This means the system will change the journal receiver at
each IPL and reset the sequence number to 1 for the new receiver.
Note that DSPAUDLOG does not convert the journal. The information
will only be as current as the last use of CVTAUDLOG.
CVTAUDLOG uses DSPJRN and specifies a *TYPE5 format for the outfile
as of V7R1. This includes additional fields that are not in the
*TYPE1 format.
You must periodically clean out old entries from the data base files.
A special command MTNAUDLOG is provided for this function. See the
later discussion.
A special command CVTAUDLOG2 is used for converting journal entries
from other systems that you want to store in the same data base. See
the later discussion of CVTAUDLOG2.
A separate tool CVTAUDLOG3 is available to allow entries to be
converted as soon as they occur. An option exists with CVTAUDLOG3 to
allow a message to be sent immediately to a message queue if a
specific JournalCode/EntryType/SubType has occurred. See the
CVTAUDLOG3 documentation.
Displaying the entries (DSPAUDLOG command)
------------------------------------------
There are two methods of displaying entries.
** Display all of the entries for a range of dates and then use
the F9 key to position.
** Use the selection criteria on the command to display the
required entries.
A typical command to display all of the entries would be:
DSPAUDLOG AUDLOGLIB(xxx) STRDATE(*CURRENT)
A subfile is displayed with 'position to' values at the top of the
display. The default is to display the first entry for the current
day.
Two options exist for displaying a detail entry.
** An abbreviated version of the entry text (100 bytes) may
always be displayed.
** The full entry may be displayed by use of the system DSPJRN
command if the journal receiver containing the entry is still
on line. If the date/time/code/type are the same, multiple
entries may be displayed.
Journal entries have a common set of standard fields followed by
variable information termed 'entry data'. Each journal entry has a
one byte journal code and a 2 byte journal entry type. Different
journal codes may appear in the QAUDJRN journal, but you would
primarily see 'T' codes which are the 'audit entries'.
The 2 byte journal entry type varies depending on the type of audit
entry written. For example, you may see 'ZC' which is 'Change of an
object'.
The audit entries also include a sub entry type which is a one byte
character modifier of the 2 byte entry type.
The subfile display shows only the codes and entry type characters.
A description of the meaning of the codes and types can be found on
the detail display.
Each 2 byte audit entry type is supported by the system with a data
base file that describes the layout of each entry. The file formats
exist in QSYS and are named QASYxxJE. For example, the ZC entry has
a format of QASYZCJE.
When the detail display appears, the standard fields are described
and the variable information appears as a string called 'Entry data'.
You can see a description of what the entry data means by using F6 =
DSPDBFDTA. It will display the data using the format of the
corresponding journal entry.
For the T entries, the sub entry type is shown at the top of the
display along with the entry type. The data exists as the first byte
in the entry data. Rather than show this value, it is truncated off.
As you become familiar with what the entries mean and the variable
data, you will probably be able to determine what you want to know
without using the DSPDBFDTA command.
When the subfile display first appears, the sequence of the data is
system, date, and then time. This is due to the keyed sequence of
the access path being used to display the data.
You can change the sequence by using the F9 key. Assuming you
entered a value and pressed Enter, the subfile is re-displayed with
the new sequence. The 'position to' fields at the top of the display
change to correspond with the access path being used.
The F6 key is also supported to allow you to prompt for the PRTAUDLOG
command.
DSPAUDLOG also supports selection criteria on the command such as:
DSPAUDLOG AUDLOGLIB(xxx) STRDATE(*CURRENT)
USER(yyyy)
All the entries generated by the specified user that occurred today
would be displayed.
Printing the entries (PRTAUDLOG command)
----------------------------------------
The Print Audit Log command allows you to print the entries using
different selection and sequencing. For example, if you wanted to
print in order by user name for a specific entry type, you would
specify:
PRTAUDLOG SEQ(*USER) JOENTT(xx) AUDLOGLIB(xxx)
The command uses OPNQRYF to select and sequence the records and then
prints the records in a standard format.
The standard fields are always printed on the left hand side of the
listing.
The right hand side will contain the variable information in an
unformatted manner (same as on the detail display of the record using
DSPAUDLOG). There is no explanation of the data. If you are not
familiar with what the data means, use the DSPDBFDTA function from
DSPAUDLOG.
Maintaining the audit log files
-------------------------------
The CVTAUDLOG command converts entries into the audit log file. A
separate command MTNAUDLOG is used to delete entries.
Normally, you would run MTNAUDLOG periodically based on your
retention period of audit entries. The command supports the RTNDAYS
parameter which allows you to name your retention period in days.
A typical command would be:
MTNAUDLOG RTNDAYS(30) AUDLOGLIB(xxx)
This would remove all the entries with a date more than 30 days
prior to the current date.
MTNAUDLOG creates a work file AUDLOGP2 to copy records to based on
the retention date. The records are then copied back to the AUDLOGP
file using MBROPT(*REPLACE) and the AUDLOGP2 file is deleted.
A check occurs to ensure the AUDLOGP2 file does not exist when the
file is created. If it does exist, a failure occurred during the
previous use of MTNAUDLOG and you must manually correct the error.
MTNAUDLOG supports the WRKFILLIB parameter. By default, this is the
same library as AUDLOGP. You may prefer to use a different library
which could be in a different ASP.
System auditing functions
-------------------------
The system supports a wide variety of auditing options such as the
use or change of an object or what an individual user does.
There are two system values and two commands you should become
familiar with.
** The QAUDCTL system value has some high level options to
control auditing. A typical setting would be:
*OBJAUD *AUDLVL *NOQTEMP
** The QAUDLVL system value (use QAUDLVL2 if many options need to
be entered) also helps control auditing. To log authorization
failures, you must specify at least *AUTFAIL. Review the
other options to determine what is required for your system.
** The CHGOBJAUD command allows you to audit actions against an
individual object.
** The CHGUSRAUD command allows you to audit actions taken by an
individual user. CHGUSRAUD works in conjunction with
CHGOBJAUD so that you can audit actions taken by an individual
user on a specific object.
Examples
--------
All examples assume that the QAUDCTL system value includes *OBJAUD.
** To audit the use of any access to FILEA in library LIB1,
specify:
CHGOBJAUD OBJ(LIB1/FILEA) OBJTYPE(*FILE)
OBJAUD(*ALL)
** To log all commands entered by QSECOFR, specify:
CHGUSRAUD USRPRF(QSECOFR) AUDLVL(*CMD)
** To log any changes to FILEB in LIB1 taken by USERX, specify:
CHGOBJAUD OBJ(LIB1/FILEB) OBJTYPE(*FILE)
OBJAUD(*USRPRF)
CHGUSRAUD USRPRF(USERX) OBJAUD(*CHANGE)
Converting to a longer or shorter entry data length
---------------------------------------------------
To change the length of the AUDATA field (either larger or smaller),
and convert your current data, the RFMAUDLOG command may be used.
You should create an empty work library for use by the command and
retain it until you are satisfied with the reformatting.
** Create a temporary library. The name TMPAUDLOG will be used
in this example.
CRTLIB LIB(TMPAUDLOG)
** Use RFMAUDLOG and specify the desired field length for the
ENTDTALEN.
RFMAUDLOG AUDLOGLIB(xxx) WRKLIB(TMPAUDLOG)
ENTDTALEN(nnnn)
Securing the AUDLOGP file
-------------------------
The AUDLOGP file is created with PUBLIC(*EXCLUDE). This prevents the
*PUBLIC user from any access. The user who uses the CVTAUDLOG and
MTNAUDLOG commands must have *CHANGE authority to AUDLOGP. The
display or print functions will require *USE authority.
There is no method of preventing an *ALLOBJ user from changing the
data in the AUDLOGP file. What you can do is cause a journal entry
if any changes are made to the file and thus allow a review of who
has made a change. See the CHKAUDLOGP tool for a method of
determining if valid changes have been made to AUDLOGP.
You must set the QAUDCTL system value to *OBJAUD and then run the
command:
CHGOBJAUD OBJ(AUDLOGP) OBJTYPE(*FILE)
OBJAUD(*CHANGE)
Any user changing the file would cause a T ZC journal entry to be
written.
You can use DSPJRN to create an outfile of the T ZC entries and then
run a query or use SCNDTA to scan the JOESD field for AUDLOGP. You
should list the JOSEQN field as well as AUUSER.
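The review of T ZC entries described above, as an added example that is not part of the AUDLOG tool. ZCOUT is a hypothetical outfile name in your library xxx, and JOTSTP, JOJOB, JOUSER, JONBR and JOPGM are standard *TYPE5 outfile fields that this page does not name; JOUSPF is used for the user profile that caused the entry.

```sql
-- Added example, not part of the AUDLOG tool.
-- Assumed input: xxx.ZCOUT (hypothetical outfile name), created with
--   DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) ENTTYP(ZC)
--          OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(xxx/ZCOUT)
--          ENTDTALEN(102)

-- 1) Detail listing: every T ZC entry whose entry data mentions AUDLOGP.
--    Ordered by timestamp before sequence number, because sequence
--    numbers restart when the receiver is changed with a reset.
--    The pattern also matches longer names such as AUDLOGP2, so read
--    the leading entry data to confirm the object and library.
SELECT JOTSTP,
       JOSEQN,
       JOUSPF,                          -- profile that caused the entry
       JOJOB, JOUSER, JONBR,            -- qualified job
       JOPGM,                           -- program recorded in the entry
       SUBSTR(JOESD, 1, 40) AS ENTRY_DATA
  FROM xxx.ZCOUT
 WHERE JOCODE = 'T'
   AND JOENTT = 'ZC'
   AND JOESD LIKE '%AUDLOGP%'
 ORDER BY JOTSTP, JOSEQN;

-- 2) Summary: which profiles changed the file, through which program,
--    how often and over what period. Profiles other than the ones that
--    run CVTAUDLOG, CVTAUDLOG2 or MTNAUDLOG are the rows to follow up
--    in the detail listing.
SELECT JOUSPF,
       JOPGM,
       COUNT(*)    AS CHANGES,
       MIN(JOTSTP) AS FIRST_SEEN,
       MAX(JOTSTP) AS LAST_SEEN
  FROM xxx.ZCOUT
 WHERE JOCODE = 'T'
   AND JOENTT = 'ZC'
   AND JOESD LIKE '%AUDLOGP%'
 GROUP BY JOUSPF, JOPGM
 ORDER BY CHANGES DESC;
```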
Converting journal entries from other systems
---------------------------------------------
The AUDLOG tool lets you have a single data base with audit entries
from one or more systems. The high order key field for all logical
files is the system name.
Or you may want to use AUDLOG for multiple systems, but would rather
have unique files for each system (this would require one library per
system).
The steps described are the same whether you have one or multiple
sets of files.
In the following discussion, the term 'master system' means the
system where AUDLOG will be run. The term 'remote system' means the
system that is only capturing audit entries, but not using the AUDLOG
tool.
The CVTAUDLOG command is used to convert the audit entries from the
master system.
The special command CVTAUDLOG2 is used to convert journal entries
from the remote systems. CVTAUDLOG2 must be run on the master
system. The remote system must do DSPJRN to get the audit journal
entries into a data base file that can be used by CVTAUDLOG2.
Do the following steps:
** Use DSPJRN on the remote system to convert the journal audit
entries to a data base file. A good time to do this would be
just after converting to a new journal receiver. You do not
have to concern yourself with ensuring that the same entry
only be converted once from the journal. When CVTAUDLOG2 is
run, it will bypass any journal entries that already exist in
the data base file.
When DSPJRN is used, you must specify OUTFILFMT(*TYPE5) and
ENTDTALEN of between 102 and 3000. A typical command would
be:
DSPJRN JRN(QAUDJRN) RCVRNG(*CURCHAIN) OUTPUT(*OUTFILE)
OUTFILFMT(*TYPE5) OUTFILE(xxx/DSPJRNP)
ENTDTALEN(102)
** You would then transfer the DSPJRNP file to the master system.
** Then run the CVTAUDLOG2 command on the master system as:
CVTAUDLOG2 JRNOUTF(DSPJRNP) AUDLOGLIB(xxx)
The audit data is then available to be reviewed or printed.
Security discussion
-------------------
To work with the audit journal, the user must have *ALLOBJ authority.
AUDLOG provides only a single command that works with the journal
object and that is CVTAUDLOG.
AUDLOG provides the TAAAUDLOG authorization list to allow a user
authorized to the list to use CVTAUDLOG. A user who has *USE
authority to the authorization list may use CVTAUDLOG to any set of
audit log files. This is the only function of the TAAAUDLOG
authorization list. The user authorized to TAAAUDLOG does not have
the automatic right to DSP or PRTAUDLOG. This allows a system
operator to perform the conversion on a regular basis.
The user who uses CRTAUDLOG becomes the owner of the data base files
that are created. To minimize exposures, you must have *ALLOBJ
special authority to use CRTAUDLOG. The AUDLOGP physical file is
created as AUT(*EXCLUDE). This prevents any other user from using
the data in the file by default (access to the logical files is
*PUBLIC).
The owner may authorize other users to *USE authority to the AUDLOGP
file. This will allow them to use the functions of DSPAUDLOG and
PRTAUDLOG.
The MTNAUDLOG command deletes old entries in the AUDLOGP file. To
run the command, the user must have *ALL authorization to the AUDLOGP
file.
The CVTAUDLOG2 command adds records to the AUDLOGP file from remote
systems. A user with *ALLOBJ authority on the remote system must use
DSPJRN to convert the QAUDJRN journal entries to a data base file.
The file is then placed on the master system. To run the CVTAUDLOG2
command, the user must have *ALL authorization to the AUDLOGP file.
Option 7 on DSPAUDLOG allows a direct display of the journal entry
itself assuming the journal receiver is online. To provide this
function, the TAASEDSC23 program adopts authority of QSECOFR to allow
the display. Since the user must have *USE authority to the AUDLOGP
file to use DSPAUDLOG, this is a safe use of program adoption. Code
within TAASEDSC23 prevents a user from calling the program directly
unless he has at least *USE authority to the AUDLOGP file.
Resetting the journal sequence number
-------------------------------------
In V5R3, the system CRTJRN command changed to a default of
MNGRCV(*SYSTEM), which causes the system to change the receiver at
IPL and restart the sequence number.
The audit log tool was changed to be tolerant of this. You do not
have to clear the audit log files if either the system or you reset
the sequence numbers.
CRTAUDLOG parameters *CMD
--------------------
AUDLOGLIB The name of the library where the audit log files
will be created.
ENTDTALEN The length of the entry data which contains variable
information about the journal entry.
The default is 102. Some journal entries have more
than 102 bytes. Increasing the size can cause a
significant growth in the AUDLOGP file if you are
capturing many journal entries. The AUDATA field is
a fixed length field in AUDLOGP.
The entry data length must be between 102 and 3000.
SRCLIB The source library to use for the QATTDDS file
source. The default is *TAAARC meaning the TAA
Archive.
A specific user library may be named, but the source
file must be QATTDDS.
CVTAUDLOG parameters *CMD
--------------------
RMVALLLFM A *YES/*NO parameter for whether the logical file
members should be removed before the update program
runs and then added back after. This is a
performance option. It is generally faster to
remove the members and then add them back if a large
percentage of records will be added to the file.
*NO is the default which should be used when a small
percentage of records are added.
*YES should be specified to improve the performance
when adding a large percentage of records.
GENNEWRCV Whether to generate a new journal receiver. *NO is
the default.
*YES may be specified to cause the CHGJRN command to
occur with JRNRCV(*GEN).
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
DSPAUDLOG parameters *CMD
--------------------
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
STRDATE The date to start the first display. The default is
*CURRENT which means the current day. A specific
date may be entered in YYMMDD format.
If a record does not exist for the date, the
previous day's record will be shown.
STRTIME The time to start the first display. The default is
000000 which means the first record of the requested
date.
ENDDATE The date to end the first display. The default is
*CURRENT which means the current day. A specific
date may be entered in YYMMDD format.
ENDTIME The time to end the first display. The default is
235959 which means the last record of the requested
date.
JOB The job to display. *ALL is the default. A
specific job name may be entered.
USER The user to display. *ALL is the default. A
specific user may be entered.
USERTYPE The user type to display on the subfile. *CURUSR is
the default to display the current user. *JOBUSR
may be specified to display the job user. The
detail display describes both.
JRNCDE A 3 part field for selection of the journal code.
1) The journal code to select. *ALL is the default.
A specific journal code such as 'T' for audit
entries may be displayed.
2) The journal entry type to select. *ALL is the
default. A specific journal entry type such as 'AF'
for authorization failures may be displayed.
3) The journal sub code to select. *ALL is the
default. A specific journal sub code such as 'K' may
be displayed.
MTNAUDLOG parameters *CMD
--------------------
RTNDAYS The number of days of audit entries to retain. The
default is 30 meaning that any audit entries with a
date prior to 30 days ago will be deleted from the
file.
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
WRKFILLIB The name of the library where the AUDLOGP2 file will
be created as a work file during the copying of
data. If the AUDLOGP2 file already exists, it means
a failure occurred in the previous use of MTNAUDLOG
and you must manually correct the problem. The
records from AUDLOGP are copied based on the
retention date to AUDLOGP2 and then copied back to
AUDLOGP using MBROPT(*REPLACE). The AUDLOGP2 file
is then deleted.
*AUDLOGLIB is the default meaning the same library
where the AUDLOGP file exists.
A different library may be named which could be in
an ASP.
PRTAUDLOG parameters *CMD
--------------------
SEQ The sequence of the report. The default is *DATE
which means the sequence will be by system, date,
and time.
*CODE may be specified which means the sequence will
be by system, code, entry type, date, and time.
*USER may be specified which means the sequence will
be by system, user, date, and time.
*JOB may be specified which means the sequence will
be by system, job, date, and time.
*CODESUB may be specified which means the sequence
will be by system, code, entry type, sub type, date,
and time.
STRDATE The start date of the entries to select on. The
default is *TODAY meaning the current day's date.
*FIRST may be specified meaning the oldest date in
the file.
A specific date may also be entered in CYYMMDD
format.
ENDDATE The end date of the entries to select on. The
default is *LAST meaning the last date in the file.
A specific date may also be entered in CYYMMDD
format.
USER The user to select on. The default is *ALL meaning
all users. A specific user may be named.
The user value is built on the JOUSPF field from the
journal entry and not the user portion of the job
name. In some cases, the actual user can be varied
within the job so the user value reflects the user
profile that caused the entry and not the job name.
JRNCDE A 3 part parameter to select the journal code, type,
and subtype. Up to 50 entries may be made.
*ALL is the default for journal code meaning all
journal codes. This will include some general
journal codes such as 'J' with an entry type of IN
meaning a normal IPL. A specific code may be named
such as 'T' for the audit entries.
*ALL is the default for journal entry types meaning
all journal entry types such as 'AF' for authorization
failure. A specific entry type may be named.
*ALL is the default for journal entry sub type
meaning all sub types. A specific sub type may
be named. Only the journal entries of JOCODE = T
provide a sub type.
If a sub type is entered, the journal code and
journal type may not be *ALL.
JOB The default is *ALL meaning all job names. A
specific job name may be named.
STRTIME The default is *FIRST meaning the first time based
on the STRDATE parameter. A specific time may be
entered in the format HHMMSS.
ENDTIME The default is *LAST meaning the last time based on
the ENDDATE parameter. A specific time may be
entered in the format HHMMSS.
PROGRAM The default is *ALL meaning all programs. A
specific program may be entered. See the PRTOPT
parameter.
OBJ The default is *ALL objects in *ALL libraries. A
specific object and/or a specific library may be
entered. See the PRTOPT parameter.
Note that this parameter may only be used to select
those entries where a value exists in the journal
entry for the JOOBJ and JOLIB field. This can be
determined by using DSPAUDLOG and displaying the
details of an entry. If data exists for the
'Object/Library/Member' line, selection may be made.
MEMBER The default is *ALL members. A specific member may
be entered. See the PRTOPT parameter.
Note that this parameter may only be used to select
those entries where a value exists in the journal
entry for the JOMBR field. This can be determined
by using DSPAUDLOG and displaying the details of an
entry. If member data exists for the
'Object/Library/Member' line, selection may be made.
SYSTEM The default is *ALL meaning all systems. A specific
system may be entered.
ENTTXT How to print the entry text.
*YES is the default which will cause the description
of the audit code/type/subtype to appear on the
first line and a second line will contain the entry
data.
*NO may be specified which will cause the entry data
to appear on the first line. No second line will
appear.
*ONLY may be specified which will cause the
description of the audit code/type/subtype to appear
on the first line. No second line will appear.
PRTOPT An option to determine whether an extra line will be
printed with the program, object, object library,
and member associated with the entry. *NO is the
default.
*YES may be specified to print a line of
information. The 4 fields will be listed without
any identification if any value exists.
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
DLTAUDLOG parameters *CMD
--------------------
AUDLOGLIB The name of the library where the audit log files
will be deleted.
CVTAUDLOG2 parameters *CMD
---------------------
JRNOUTF The name of the qualified file that contains the
journal entries from another system. The library
defaults to *LIBL and *CURLIB may be used.
DSPJRN must have been used to create the file and
must have been specified as OUTFILFMT(*TYPE5) and an
ENTDTALEN value between 102 and 3000.
RMVALLLFM A *YES/*NO parameter for whether the logical file
members should be removed before the update program
runs and then added back after. This is a
performance option. It is generally faster to
remove the members and then add them back if a large
percentage of records will be added to the file.
*NO is the default which should be used when a small
percentage of records are added.
*YES should be specified to improve the performance
when adding a large percentage of records.
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
RFMAUDLOG parameters *CMD
--------------------
AUDLOGLIB The name of the library where the audit log files
exist. The default is *LIBL. *CURLIB may also be
used.
WRKLIB The work library that will be used to copy the
current files to. A unique library is desirable so
you can simplify review and deletion.
After the command completes, the old versions of the
files will be retained in the work library. When
you are satisfied with the new versions, delete the
files from the work library.
ENTDTALEN The length of the entry data which contains variable
information about the journal entry.
The default is 102. Some journal entries have more
than 102 bytes. Increasing the size can cause a
significant growth in the AUDLOGP file if you are
capturing many journal entries. The AUDATA field is
a fixed length field in AUDLOGP.
The entry data length must be between 102 and 3000.
SRCLIB The source library to use for the QATTDDS file
source. The default is *TAAARC meaning the TAA
Archive.
A specific user library may be named, but the source
file must be QATTDDS.
Restrictions
------------
Up to 3000 bytes of journal entry data from the JOESD field is
supported. The length of the AUDATA field is determined by the
ENTDTALEN parameter on CRTAUDLOG. If any additional entry data exists
beyond the size of the AUDATA field, it is truncated.
The use of Option 7 for DSPAUDLOG will cause multiple journal entries
to be displayed if they have the same time and type.
Prerequisites
-------------
The following TAA Tools must be on your system:
ADDDAT Add date
CHKALLOBJ Check *ALLOBJ authority
CPYTAADDS TAA Archive
CVTDSPDTA Convert display data
CVTJRNA Convert journal attributes
DSPDBFDTA Display data base file data
DSPJRNCDE Display journal codes
EDTVAR Edit variable
FILEFDBCK File feedback
HLRMVMSG HLL Remove message
PRTJRNCDE Print journal code
RMVALLLFM Remove all logical file members
RTVDBFA Retrieve data base attributes
RTVFLDA Retrieve data base field attributes
RTVSYSVAL3 Retrieve system value 3
SNDAUDMSG Send audit message
SNDCOMPMSG Send completion message
SNDDIAGMSG Send diagnostic message
SNDESCMSG Send escape message
SNDSTSMSG Send status message
WRTSRC Write source
Implementation
--------------
None, the tool is ready to use. You must use CRTAUDLOG to create the
required files and CVTAUDLOG to convert the entries before using DSP
or PRTAUDLOG.
Objects used by the tool
------------------------
Object        Type    Attribute   Src member    Src file
------        ----    ---------   ----------    ----------
CRTAUDLOG     *CMD                TAASEDS       QATTCMD
CVTAUDLOG     *CMD                TAASEDS2      QATTCMD
DSPAUDLOG     *CMD                TAASEDS3      QATTCMD
MTNAUDLOG     *CMD                TAASEDS4      QATTCMD
DLTAUDLOG     *CMD                TAASEDS5      QATTCMD
PRTAUDLOG     *CMD                TAASEDS6      QATTCMD
CVTAUDLOG2    *CMD                TAASEDS7      QATTCMD
RFMAUDLOG     *CMD                TAASEDS9      QATTCMD
TAASEDSC      *PGM    CLP         TAASEDSC      QATTCL
TAASEDSC2     *PGM    CLP         TAASEDSC2     QATTCL
TAASEDSC3     *PGM    CLP         TAASEDSC3     QATTCL
TAASEDSC4     *PGM    CLP         TAASEDSC4     QATTCL
TAASEDSC5     *PGM    CLP         TAASEDSC5     QATTCL
TAASEDSC6     *PGM    CLP         TAASEDSC6     QATTCL
TAASEDSC7     *PGM    CLP         TAASEDSC7     QATTCL
TAASEDSC9     *PGM    CLP         TAASEDSC9     QATTCL
TAASEDSC13    *PGM    CLP         TAASEDSC13    QATTCL
TAASEDSC14    *PGM    CLP         TAASEDSC14    QATTCL
TAASEDSC15    *PGM    CLP         TAASEDSC15    QATTCL
TAASEDSC23    *PGM    CLP         TAASEDSC23    QATTCL
TAASEDSR2     *PGM    RPG         TAASEDSR2     QATTRPG
TAASEDSR3     *PGM    RPG         TAASEDSR3     QATTRPG
TAASEDSR6     *PGM    RPG         TAASEDSR6     QATTRPG
TAASEDSR9     *PGM    RPG         TAASEDSR9     QATTRPG
TAASEDSR12    *PGM    RPG         TAASEDSR12    QATTRPG
TAASEDSR17    *PGM    RPG         TAASEDSR17    QATTRPG
TAASEDSD      *FILE   DSPF        TAASEDSD      QATTDDS
TAASEDSP      *FILE   PF          TAASEDSP      QATTDDS
TAASEDSL      *FILE   LF          TAASEDSL      QATTDDS
TAASEDSM      *FILE   LF          TAASEDSM      QATTDDS
TAASEDSN      *FILE   LF          TAASEDSN      QATTDDS
TAASEDSO      *FILE   LF          TAASEDSO      QATTDDS
TAASEDSQ      *FILE   LF          TAASEDSQ      QATTDDS
TAASEDSS      *FILE   PF          TAASEDSS      QATTDDS
TAAAUDLOG     *AUTL
The files created from CRTAUDLOG use the following source.
File       Source     Description
----       ------     -----------
AUDLOGP    TAASEDSP   Physical
AUDLOGL    TAASEDSL   LF by system, date, and time
AUDLOGM    TAASEDSM   LF by system, code, type, date, time
AUDLOGN    TAASEDSN   LF by system, curr user, date, time
AUDLOGO    TAASEDSO   LF by system, job, date, time
AUDLOGQ    TAASEDSQ   LF by system, code, type, sub type, date, time
The TAASEDSS file is copied from the source of QADSPJR5 with a larger
JOESD field.
Structure
---------
CRTAUDLOG Cmd
   TAASEDSC     CL pgm
CVTAUDLOG
   TAASEDSC2    CL pgm
   TAASEDSR12   RPG Pgm
   TAASEDSR2    RPG Pgm
DSPAUDLOG
   TAASEDSC3    CL pgm
   TAASEDSR3    RPG Pgm
   TAASEDSD     Display file
   TAASEDSC13   CL pgm - Converts to displayable entry data
   TAASEDSC14   CL pgm - Uses DSPDBFDTA for T formats
   TAASEDSC15   CL pgm - Prompts for PRTAUDLOG
   TAASEDSC23   CL pgm - Displays full entry
MTNAUDLOG
   TAASEDSC4    CL pgm
DLTAUDLOG
   TAASEDSC5    CL pgm
PRTAUDLOG
   TAASEDSC6    CL pgm
   TAASEDSR6    RPG Pgm
CVTAUDLOG2
   TAASEDSC7    CL pgm
   TAASEDSR12   RPG Pgm
   TAASEDSR17   RPG Pgm
   TAASEDSR2    RPG Pgm
RFMAUDLOG
   TAASEDSC9    CL pgm
   TAASEDSR9    RPG Pgm