DSPAUDCMD -- Display Audit Command

DSPAUDCMD DISPLAY AUDIT COMMAND TAASEIS
The Display Audit Command command displays or lists audit records for a specific user for the AUDLVL(CMD) function. The AUDLOGP file (AUDLOG tool) is used. The user must be specified as CHGUSRAUD AUDLVL(CMD) which causes an audit entry for each command executed (including commands run in CL programs or REXX procedures). DSPAUDCMD provides a tailored solution for the 'T CD C' journal entries. You must have ALLOBJ special authority to use DSPAUDCMD. The file AUDLOGP (part of the AUDLOG tool) is used to access the information. You must convert the entries to the AUDLOGP file with the CVTAUDLOG command. The user to be audited must be specified as: CHGUSRAUD USRPRF(xxx) AUDLVL(CMD) Auditing for the user does not start until the next job is started for the user. The AUDLVL(CMD) function can cause a significant number of journal entries if the user who is being audited uses a lot of CL programs. A good use for DSPAUDCMD is where users who require ALLOBJ special authority need to be audited either all the time or periodically. After converting the audit journal entries to the AUDLOGP file using CVTAUDLOG, a typical command would be: DSPAUDCMD USER(xxx) The 'T CD C' audit entries for the user would be displayed. By default, only the commands entered using a command entry display would appear. The full command entered may be displayed by using an option on the display. In some cases, the system does not supply all of the command data. If you want to display the CL commands used by a specific CALL or command, it is probably best to specify the PERIOD parameter with a begin/end date and time and use CMDTYPE(ALL). This will reduce the number of CL program commands that must be reviewed. If you are only periodically reviewing certain users, you would want to specify CHGUSRAUD AUDLVL(NONE) when the review is complete to reduce the amount of audit entries being written. DSPAUDCMD escape messages you can monitor for --------------------------------------------- None. Escape messages from based on functions will be re-sent. DSPAUDCMD Command parameters CMD ---------------------------- USER The user profile to be selected. The user must be specified with CHGUSRAUD AUDLVL(CMD). The user is the one who caused the entry and may not be the user of the job. If a user profile swap occurs, the user name will differ from the user name of the qualified job name. CMDTYPE The type of command to be displayed. CMDENTRY is the default to display those commands entered from a command entry display. ALL may be specified to display both commands entered from a command entry display and commands run from CL programs. AUDLOGLIB The library where the AUDLOGP file exists. LIBL is the default. A specific name or CURLIB may be entered. The AUDLOGP file must be created by the AUDLOG tool (CRTAUDLOG command) and entries must be converted to the AUDLOGP file using one of the CVTAUDLOG commands. PERIOD The Begin/End Date/Time values to select on. The 'Beginning time' value defaults to AVAIL meaning the Begin Time value is not considered. If a time is entered, it is used in conjunction with the 'Beginning Date' to determine selection. The 'Beginning Date' value defaults to CURRENT meaning the current date. BEGIN may be entered to mean the first record in the AUDLOGP file. If a date is entered, it must be in job format and is used in conjunction with the 'Beginning Time' to determine selection. The 'Ending time' value defaults to AVAIL meaning the End Time value is not considered. If a time is entered, it is used in conjunction with the 'Ending Date' to determine selection. The 'Ending Date' value defaults to END meaning the End Date value is not considered. If a date is entered it must be in job format, and is used in conjunction with the 'Ending Time' to determine selection. JOB The job name to be selected. ALL is the default meaning all jobs. JOBNBR The job number to be selected. ALL is the default meaning all job numbers. PGM The program that caused the entry. The default is ALL meaning all programs are considered. In some audit entries, the program name may be blank. If a command is entered from a command entry display, the program may appear as QCMD or the program name of a higher program in the stack. SYSTEM The system name on which the entry occurred. The default is CURRENT meaning the current system. The AUDLOG tool allows the entries from multiple systems to be placed in a single AUDLOGP file. OUTPUT How to output the results. is the default to display the entries if the command is entered interactively. If the command is entered in batch or PRINT is specified, a spooled file is output. Restrictions ------------ You must have ALLOBJ special authority to use DSPAUDCMD. The file AUDLOGP (part of the AUDLOG tool) is used to access the information. USE authority is required. The user to be audited must be specified with CHGUSRAUD AUDLVL(CMD). Prerequisites ------------- The following TAA Tools must be on your system: AUDLOG Audit log CRTDUPPF Create duplicate physical file CVTTIM Convert time EDTVAR Edit variable RTVDAT Retrieve date RTVUSRTXT Retrieve user text RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- DSPAUDCMD CMD TAASEIS QATTCMD TAASEISC PGM CLP TAASEISC QATTCL TAASEISR PGM RPG TAASEISR QATTRPG TAASEISD FILE DSPF TAASEISD QATTDDS

DSPAUDCMD       DISPLAY AUDIT COMMAND                  TAASEIS


The Display Audit Command  command displays or lists audit  records for
a  specific  user for  the  AUDLVL(*CMD) function.    The AUDLOGP  file
(AUDLOG  tool)  is  used.   The  user  must be  specified  as CHGUSRAUD
AUDLVL(*CMD) which  causes an  audit  entry for  each command  executed
(including   commands  run   in  CL   programs  or   REXX  procedures).
DSPAUDCMD  provides  a  tailored  solution for  the  'T  CD  C' journal
entries.

You must have *ALLOBJ special authority to use DSPAUDCMD.

The file  AUDLOGP (part  of  the AUDLOG  tool) is  used to  access  the
information.   You must convert  the entries  to the AUDLOGP  file with
the CVTAUDLOG command.

The user to be audited must be specified as:

             CHGUSRAUD   USRPRF(xxx) AUDLVL(*CMD)

Auditing  for the  user does not  start until  the next job  is started
for the user.

The AUDLVL(*CMD) function  can cause  a significant  number of  journal
entries if the user who is being audited uses a lot of CL programs.

A good  use for DSPAUDCMD  is where users  who require *ALLOBJ  special
authority need to be audited either all the time or periodically.

After converting  the audit journal  entries to the  AUDLOGP file using
CVTAUDLOG, a typical command would be:

            DSPAUDCMD  USER(xxx)

The  'T  CD C'  audit  entries for  the user  would  be displayed.   By
default,  only the  commands  entered  using a  command  entry  display
would appear.

The full  command entered may  be displayed by  using an option  on the
display.    In  some cases,  the  system  does not  supply  all  of the
command data.

If you  want to display  the CL  commands used  by a  specific CALL  or
command, it  is probably best  to specify the  PERIOD parameter  with a
begin/end  date and time and  use CMDTYPE(*ALL).  This  will reduce the
number of CL program commands that must be reviewed.

If you are only  periodically reviewing certain  users, you would  want
to  specify CHGUSRAUD  AUDLVL(*NONE)  when the  review  is complete  to
reduce the amount of audit entries being written.

DSPAUDCMD escape messages you can monitor for
---------------------------------------------

None.  Escape messages from based on functions will be re-sent.

DSPAUDCMD Command parameters                          *CMD
----------------------------

   USER          The  user profile to  be selected.   The user  must be
                 specified with CHGUSRAUD AUDLVL(*CMD).

                 The  user is the one who  caused the entry and may not
                 be the  user  of the  job.   If  a user  profile  swap
                 occurs, the  user name will differ from  the user name
                 of the qualified job name.

   CMDTYPE       The type of command to be displayed.

                 *CMDENTRY  is the  default  to display  those commands
                 entered from a command entry display.

                 *ALL  may  be  specified  to  display  both   commands
                 entered  from a  command  entry  display and  commands
                 run from CL programs.

   AUDLOGLIB     The library  where the AUDLOGP file  exists.  *LIBL is
                 the default.    A  specific name  or  *CURLIB  may  be
                 entered.

                 The AUDLOGP  file must be  created by the  AUDLOG tool
                 (CRTAUDLOG command)  and entries must  be converted to
                 the   AUDLOGP   file  using   one  of   the  CVTAUDLOG
                 commands.

   PERIOD        The Begin/End Date/Time values to select on.

                 The  'Beginning   time'  value   defaults  to   *AVAIL
                 meaning the  Begin Time value  is not considered.   If
                 a  time is  entered,  it is  used in  conjunction with
                 the 'Beginning Date' to determine selection.

                 The  'Beginning  Date'  value  defaults  to   *CURRENT
                 meaning the  current date.   *BEGIN may be  entered to
                 mean  the first  record  in the  AUDLOGP file.    If a
                 date is  entered, it  must  be in  job format  and  is
                 used  in  conjunction with  the  'Beginning  Time'  to
                 determine selection.

                 The  'Ending time'  value defaults  to  *AVAIL meaning
                 the  End Time value  is not considered.   If a time is
                 entered, it is  used in  conjunction with the  'Ending
                 Date' to determine selection.

                 The 'Ending  Date' value defaults to  *END meaning the
                 End  Date  value is  not  considered.   If  a  date is
                 entered it  must be  in  job format,  and is  used  in
                 conjunction  with  the  'Ending   Time'  to  determine
                 selection.

   JOB           The  job name  to be  selected.   *ALL is  the default
                 meaning all jobs.

   JOBNBR        The job number to  be selected.   *ALL is the  default
                 meaning all job numbers.

   PGM           The program  that caused  the entry.   The default  is
                 *ALL meaning all programs are considered.

                 In  some  audit  entries,  the  program  name  may  be
                 blank.   If a command is  entered from a command entry
                 display,  the  program  may  appear  as  QCMD  or  the
                 program name of a higher program in the stack.

   SYSTEM        The  system name  on which  the entry  occurred.   The
                 default is *CURRENT meaning the current system.

                 The  AUDLOG  tool  allows  the  entries from  multiple
                 systems to be placed in a single AUDLOGP file.

   OUTPUT        How to  output  the results.    *  is the  default  to
                 display  the   entries  if  the  command   is  entered
                 interactively.

                 If  the  command  is entered  in  batch  or *PRINT  is
                 specified, a spooled file is output.

Restrictions
------------

You must have *ALLOBJ special authority to use DSPAUDCMD.

The file  AUDLOGP (part  of the  AUDLOG  tool) is  used to  access  the
information.  *USE authority is required.

The user to be  audited must be specified with  CHGUSRAUD AUDLVL(*CMD).

Prerequisites
-------------

The following TAA Tools must be on your system:

     AUDLOG          Audit log
     CRTDUPPF        Create duplicate physical file
     CVTTIM          Convert time
     EDTVAR          Edit variable
     RTVDAT          Retrieve date
     RTVUSRTXT       Retrieve user text
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   DSPAUDCMD     *CMD                   TAASEIS       QATTCMD
   TAASEISC      *PGM       CLP         TAASEISC      QATTCL
   TAASEISR      *PGM       RPG         TAASEISR      QATTRPG
   TAASEISD      *FILE      DSPF        TAASEISD      QATTDDS

Added to TAA Productivity tools April 15, 2011

Home Page

Up to Top