TAA Tools

The  Convert Audit  Journal  Entries  command converts  specific  audit
entries  from the QAUDJRN  journal to  an outfile.   The format  of the
outfile  is determined  by the entry  type using  system supplied model
files.   The  intent  of  CVTAUDJRNE  is to  simplify  the  process  of
creating an  outfile that can  be used to  write a query  against audit

Note  that the  system command DSPAUDJRNE  is no  longer being enhanced
by the system and does not support many of the new entry types.

Only an *ALLOBJ user may use CVTAUDJRNE.

A typical command would be:


To allow  any conversion of  the AF  types, the  QAUDLVL (or  QAUDLVL2)
system value must be set so that one of the values is *AUTFAIL.

All AF audit entry  types from the current chain  of receivers would be
converted to the AFTYPE file in the specified library.

A  range of dates  and times may  be specified to  minimize the output.
The default is for all entries in the receiver chain.

For a basic listing use:

             PRTDB2       FILE(xxx/AFTYPE)

PRTDB2 will list as  many fields as fit  based on the file  definition.

To list the fields you need use:

             PRTDB        FILE(xxx/AFTYPE)

You will be prompted  for a list of fields  in the file.  Enter  'X' or
a sequence number to list the fields (left to right) in the output.

A  specific query  may also be  written.   You may  use the  TAA QRYUSE
tool or a specific query tool.

System support of auditing

The  system  supports a  wide range  of auditing  capability.   See the
system documentation  and the  system values QAUDCTL  and QAUDLVL  (and
QAUDLVL2).  Various options may be entered such as:

  **   *AUTFAIL = Any authorization failure (AF type).

  **   *CREATE = Any create in an external library (CO type).

  **   *DELETE = Any delete in an external library (DO type).

Audit  entries are  written to  the QAUDJRN  journal which  must exist.
Each  entry  type  (such as  AF  = Object  authority  failure),  uses a
unique format for the entries written to the journal.

The system supplies  model files for  each of the  entry types such  as
QASYAFJ5.  This  allows you to map  the entries to a  unique externally
described data base to assist in querying the data.

The  two system  values  allow for  more entries  than can  be  held by
QAUDLVL.  QAUDLVL will hold  up to 16 entries.   QAUDLVL2 will hold  up
to 999.    To use  QAUDLVL2, there  must be  an entry  in QAUDLVL  that
specifies  *QAUDLVL2.  The  system then  combines both sets  of values.
It  is possible to  use only QAUDLVL2,  if a single  entry of *QAUDLVL2
exists in QAUDLVL.

Determining the audit entry types

Use the  TAA command  DSPJRNCDE to see  a list  of all  of the  journal
entry  codes and  types.   The  audit entries  are  code 'T'.    If you
position  to code 'T',  you can  see all of  the entry  types for audit

You must know  the specific  audit entry  type you want  to process  in
order to use CVTAUDJRNE.

Why use CVTAUDJRNE versus the system support

The  system supplied  solution is  for you  to use  CRTDUPOBJ from  the
model  file in  QSYS to  create a  file to  be used  as the  outfile on
DSPJRN.  You must know the name  of the model file associated with  the
entry type you want to query.

You then use  DSPJRN to convert entries  to the file you  have created.

CVTAUDJRNE  simplifies  this  process  and  provides  a  more  straight
forward  solution than the  complex DSPJRN command.   You must know the
entry type you want  to query, but do not  have to know the  model file
nor many of the DSPJRN parameters.

CVTAUDJRNE escape messages you can monitor for

      CPF7062    No entries exist to convert.

Escape messages from based on functions will be re-sent.

Command parameters                                    *CMD

   ENTTYP        The entry type you want to process.

                 If you  do not know the  entry type, use the  TAA tool
                 DSPJRNCDE.   Audit entries  are code =  'T'.  Position
                 to the  'T' codes  and  rollup to  review all  of  the
                 possible entry types.

   OUTFILE       The  output  file  that  you  want  to  convert  audit
                 entries  to.   The  library value  defaults  to *LIBL.
                 *CURLIB or a specific library may also be used.

                 If the  file does  not exist,  *LIBL may  not be  used
                 and  the  file  will  be   created  in  the  specified
                 library.   The  format  of the  system  supplied model
                 file  associated  with the  entry  type will  be used.
                 For example,  the model  file  for the  AF entry  type
                 (Object authority failure) is QASYAFJ5.

                 If the file  does exist, it must have  the same format
                 as the system supplied model file.

                 You  cannot   use  the  same  model  file  format  for
                 different entry  types.   You can  delete an  existing
                 file  and use  CVTAUDJRNE to  create a  new file  with
                 the correct model format.

   OUTMBR        The  member  to receive  the  output.   *FIRST  is the
                 default.  A specific member may be named.

                 If the member does not exist, it will be added.

   REPLACE       A *YES/*NO value  for whether to  replace the data  if
                 the member exists.

                 *YES  is  the  default  to  clear  the  member  before
                 writing records.

                 *NO may  be specified to  add records to  the existing

   FROMDATE      The   date  and  time   of  the  first   entry  to  be
                 considered for conversion.   The default is  *FIRST to
                 use the  first journal  entry of the  current receiver

                 The  special  value *CURRENT  may be  entered  to mean
                 today's date.

                 A specific date may be  entered in job format.  If  no
                 date is entered, a date of Jan 1, 1940 is used.

                 A specific time  may be entered in HHMMSS  format.  If
                 no time is entered, a time of 000000 is used.

   TODATE        The date  and time of the last  entry to be considered
                 for conversion.    The default  is  *LAST to  use  the
                 current  date  and  the  last  entry  in  the  current
                 receiver chain.

                 A specific  date may be entered in job  format.  If no
                 date is entered, the current date is used.

                 A  specific time may be entered  in HHMMSS format.  If
                 no time is entered, a time of 235959 is used.


Only an *ALLOBJ user may use CVTAUDJRNE.


The following TAA Tools must be on your system:

     CHKALLOBJ       Check *ALLOBJ special authority
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVAUDMDLF      Retrieve audit model file
     RTVDAT          Retrieve date
     RTVFMT          Retrieve format
     RTVTIMSTM       Retrieve time stamp
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CVTAUDJRNE    *CMD                   TAAJROL       QATTCMD
   TAAJROLC      *PGM       CLP         TAAJROLC      QATTCL

Added to TAA Productivity tools September 15, 2006

Home Page Up to Top