CVTAUDJRNE -- Convert Audit Journal Entries

CVTAUDJRNE CONVERT AUDIT JOURNAL ENTRIES TAAJROL
The Convert Audit Journal Entries command converts specific audit entries from the QAUDJRN journal to an outfile. The format of the outfile is determined by the entry type using system supplied model files. The intent of CVTAUDJRNE is to simplify the process of creating an outfile that can be used to write a query against audit entries. Note that the system command DSPAUDJRNE is no longer being enhanced by the system and does not support many of the new entry types. Only an ALLOBJ user may use CVTAUDJRNE. A typical command would be: CVTAUDJRNE ENTTYP(AF) OUTFILE(xxx/AFTYPE) To allow any conversion of the AF types, the QAUDLVL (or QAUDLVL2) system value must be set so that one of the values is AUTFAIL. All AF audit entry types from the current chain of receivers would be converted to the AFTYPE file in the specified library. A range of dates and times may be specified to minimize the output. The default is for all entries in the receiver chain. For a basic listing use: PRTDB2 FILE(xxx/AFTYPE) PRTDB2 will list as many fields as fit based on the file definition. To list the fields you need use: PRTDB FILE(xxx/AFTYPE) You will be prompted for a list of fields in the file. Enter 'X' or a sequence number to list the fields (left to right) in the output. A specific query may also be written. You may use the TAA QRYUSE tool or a specific query tool. System support of auditing -------------------------- The system supports a wide range of auditing capability. See the system documentation and the system values QAUDCTL and QAUDLVL (and QAUDLVL2). Various options may be entered such as: ** AUTFAIL = Any authorization failure (AF type). * CREATE = Any create in an external library (CO type). * DELETE = Any delete in an external library (DO type). Audit entries are written to the QAUDJRN journal which must exist. Each entry type (such as AF = Object authority failure), uses a unique format for the entries written to the journal. The system supplies model files for each of the entry types such as QASYAFJ5. This allows you to map the entries to a unique externally described data base to assist in querying the data. The two system values allow for more entries than can be held by QAUDLVL. QAUDLVL will hold up to 16 entries. QAUDLVL2 will hold up to 999. To use QAUDLVL2, there must be an entry in QAUDLVL that specifies QAUDLVL2. The system then combines both sets of values. It is possible to use only QAUDLVL2, if a single entry of QAUDLVL2 exists in QAUDLVL. Determining the audit entry types --------------------------------- Use the TAA command DSPJRNCDE to see a list of all of the journal entry codes and types. The audit entries are code 'T'. If you position to code 'T', you can see all of the entry types for audit entries. You must know the specific audit entry type you want to process in order to use CVTAUDJRNE. Why use CVTAUDJRNE versus the system support -------------------------------------------- The system supplied solution is for you to use CRTDUPOBJ from the model file in QSYS to create a file to be used as the outfile on DSPJRN. You must know the name of the model file associated with the entry type you want to query. You then use DSPJRN to convert entries to the file you have created. CVTAUDJRNE simplifies this process and provides a more straight forward solution than the complex DSPJRN command. You must know the entry type you want to query, but do not have to know the model file nor many of the DSPJRN parameters. CVTAUDJRNE escape messages you can monitor for ---------------------------------------------- CPF7062 No entries exist to convert. Escape messages from based on functions will be re-sent. Command parameters CMD ------------------ ENTTYP The entry type you want to process. If you do not know the entry type, use the TAA tool DSPJRNCDE. Audit entries are code = 'T'. Position to the 'T' codes and rollup to review all of the possible entry types. OUTFILE The output file that you want to convert audit entries to. The library value defaults to LIBL. CURLIB or a specific library may also be used. If the file does not exist, LIBL may not be used and the file will be created in the specified library. The format of the system supplied model file associated with the entry type will be used. For example, the model file for the AF entry type (Object authority failure) is QASYAFJ5. If the file does exist, it must have the same format as the system supplied model file. You cannot use the same model file format for different entry types. You can delete an existing file and use CVTAUDJRNE to create a new file with the correct model format. OUTMBR The member to receive the output. FIRST is the default. A specific member may be named. If the member does not exist, it will be added. REPLACE A YES/NO value for whether to replace the data if the member exists. YES is the default to clear the member before writing records. NO may be specified to add records to the existing data. FROMDATE The date and time of the first entry to be considered for conversion. The default is FIRST to use the first journal entry of the current receiver chain. The special value CURRENT may be entered to mean today's date. A specific date may be entered in job format. If no date is entered, a date of Jan 1, 1940 is used. A specific time may be entered in HHMMSS format. If no time is entered, a time of 000000 is used. TODATE The date and time of the last entry to be considered for conversion. The default is LAST to use the current date and the last entry in the current receiver chain. A specific date may be entered in job format. If no date is entered, the current date is used. A specific time may be entered in HHMMSS format. If no time is entered, a time of 235959 is used. Restrictions ------------ Only an ALLOBJ user may use CVTAUDJRNE. Prerequisites ------------- The following TAA Tools must be on your system: CHKALLOBJ Check ALLOBJ special authority EDTVAR Edit variable RSNLSTMSG Resend last message RTVAUDMDLF Retrieve audit model file RTVDAT Retrieve date RTVFMT Retrieve format RTVTIMSTM Retrieve time stamp SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message SNDJLGMSG Send job log message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CVTAUDJRNE CMD TAAJROL QATTCMD TAAJROLC *PGM CLP TAAJROLC QATTCL

CVTAUDJRNE      CONVERT AUDIT JOURNAL ENTRIES          TAAJROL


The  Convert Audit  Journal  Entries  command converts  specific  audit
entries  from the QAUDJRN  journal to  an outfile.   The format  of the
outfile  is determined  by the entry  type using  system supplied model
files.   The  intent  of  CVTAUDJRNE  is to  simplify  the  process  of
creating an  outfile that can  be used to  write a query  against audit
entries.

Note  that the  system command DSPAUDJRNE  is no  longer being enhanced
by the system and does not support many of the new entry types.

Only an *ALLOBJ user may use CVTAUDJRNE.

A typical command would be:

             CVTAUDJRNE   ENTTYP(AF) OUTFILE(xxx/AFTYPE)

To allow  any conversion of  the AF  types, the  QAUDLVL (or  QAUDLVL2)
system value must be set so that one of the values is *AUTFAIL.

All AF audit entry  types from the current chain  of receivers would be
converted to the AFTYPE file in the specified library.

A  range of dates  and times may  be specified to  minimize the output.
The default is for all entries in the receiver chain.

For a basic listing use:

             PRTDB2       FILE(xxx/AFTYPE)

PRTDB2 will list as  many fields as fit  based on the file  definition.

To list the fields you need use:

             PRTDB        FILE(xxx/AFTYPE)

You will be prompted  for a list of fields  in the file.  Enter  'X' or
a sequence number to list the fields (left to right) in the output.

A  specific query  may also be  written.   You may  use the  TAA QRYUSE
tool or a specific query tool.

System support of auditing
--------------------------

The  system  supports a  wide range  of auditing  capability.   See the
system documentation  and the  system values QAUDCTL  and QAUDLVL  (and
QAUDLVL2).  Various options may be entered such as:

  **   *AUTFAIL = Any authorization failure (AF type).

  **   *CREATE = Any create in an external library (CO type).

  **   *DELETE = Any delete in an external library (DO type).

Audit  entries are  written to  the QAUDJRN  journal which  must exist.
Each  entry  type  (such as  AF  = Object  authority  failure),  uses a
unique format for the entries written to the journal.

The system supplies  model files for  each of the  entry types such  as
QASYAFJ5.  This  allows you to map  the entries to a  unique externally
described data base to assist in querying the data.

The  two system  values  allow for  more entries  than can  be  held by
QAUDLVL.  QAUDLVL will hold  up to 16 entries.   QAUDLVL2 will hold  up
to 999.    To use  QAUDLVL2, there  must be  an entry  in QAUDLVL  that
specifies  *QAUDLVL2.  The  system then  combines both sets  of values.
It  is possible to  use only QAUDLVL2,  if a single  entry of *QAUDLVL2
exists in QAUDLVL.

Determining the audit entry types
---------------------------------

Use the  TAA command  DSPJRNCDE to see  a list  of all  of the  journal
entry  codes and  types.   The  audit entries  are  code 'T'.    If you
position  to code 'T',  you can  see all of  the entry  types for audit
entries.

You must know  the specific  audit entry  type you want  to process  in
order to use CVTAUDJRNE.

Why use CVTAUDJRNE versus the system support
--------------------------------------------

The  system supplied  solution is  for you  to use  CRTDUPOBJ from  the
model  file in  QSYS to  create a  file to  be used  as the  outfile on
DSPJRN.  You must know the name  of the model file associated with  the
entry type you want to query.

You then use  DSPJRN to convert entries  to the file you  have created.

CVTAUDJRNE  simplifies  this  process  and  provides  a  more  straight
forward  solution than the  complex DSPJRN command.   You must know the
entry type you want  to query, but do not  have to know the  model file
nor many of the DSPJRN parameters.

CVTAUDJRNE escape messages you can monitor for
----------------------------------------------

      CPF7062    No entries exist to convert.

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD
------------------

   ENTTYP        The entry type you want to process.

                 If you  do not know the  entry type, use the  TAA tool
                 DSPJRNCDE.   Audit entries  are code =  'T'.  Position
                 to the  'T' codes  and  rollup to  review all  of  the
                 possible entry types.

   OUTFILE       The  output  file  that  you  want  to  convert  audit
                 entries  to.   The  library value  defaults  to *LIBL.
                 *CURLIB or a specific library may also be used.

                 If the  file does  not exist,  *LIBL may  not be  used
                 and  the  file  will  be   created  in  the  specified
                 library.   The  format  of the  system  supplied model
                 file  associated  with the  entry  type will  be used.
                 For example,  the model  file  for the  AF entry  type
                 (Object authority failure) is QASYAFJ5.

                 If the file  does exist, it must have  the same format
                 as the system supplied model file.

                 You  cannot   use  the  same  model  file  format  for
                 different entry  types.   You can  delete an  existing
                 file  and use  CVTAUDJRNE to  create a  new file  with
                 the correct model format.

   OUTMBR        The  member  to receive  the  output.   *FIRST  is the
                 default.  A specific member may be named.

                 If the member does not exist, it will be added.

   REPLACE       A *YES/*NO value  for whether to  replace the data  if
                 the member exists.

                 *YES  is  the  default  to  clear  the  member  before
                 writing records.

                 *NO may  be specified to  add records to  the existing
                 data.

   FROMDATE      The   date  and  time   of  the  first   entry  to  be
                 considered for conversion.   The default is  *FIRST to
                 use the  first journal  entry of the  current receiver
                 chain.

                 The  special  value *CURRENT  may be  entered  to mean
                 today's date.

                 A specific date may be  entered in job format.  If  no
                 date is entered, a date of Jan 1, 1940 is used.

                 A specific time  may be entered in HHMMSS  format.  If
                 no time is entered, a time of 000000 is used.

   TODATE        The date  and time of the last  entry to be considered
                 for conversion.    The default  is  *LAST to  use  the
                 current  date  and  the  last  entry  in  the  current
                 receiver chain.

                 A specific  date may be entered in job  format.  If no
                 date is entered, the current date is used.

                 A  specific time may be entered  in HHMMSS format.  If
                 no time is entered, a time of 235959 is used.

Restrictions
------------

Only an *ALLOBJ user may use CVTAUDJRNE.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVAUDMDLF      Retrieve audit model file
     RTVDAT          Retrieve date
     RTVFMT          Retrieve format
     RTVTIMSTM       Retrieve time stamp
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CVTAUDJRNE    *CMD                   TAAJROL       QATTCMD
   TAAJROLC      *PGM       CLP         TAAJROLC      QATTCL

Added to TAA Productivity tools September 15, 2006

Home Page

Up to Top