DSPAUDLOG2 DISPLAY AUDIT LOG 2 TAASECM
The DSPAUDLOG2 command is the old form of the AUDLOG tool.
DSPAUDLOG2 displays the contents of the security audit journal
(QAUDJRN). The output is always printed to a spooled file. The
default will use DSPSPLF to display the printed output. An option
can be used to select the level of detail to be presented.
The system no longer provides message IDs for new audit entries.
DSPAUDLOG2 will only perform correctly on audit entries that are
supported by a message ID. The new tool AUDLOG should be used
A typical use of the command is:
All entries from the current audit journal receiver are
displayed. Only the first level text appears.
DSPAUDLOG2 OUTTYP(*SECLVL) OUTPUT(*PRINT)
All entries from the current audit journal receiver are
printed. The second level text is shown.
DSPAUDLOG2 OPTION(yyyy/xxxx) OUTPUT(*PRINT)
Entries that have been stored in the specified file for the
OPTION parameter are printed.
If the default OPTION(*CURRENT) is used, the file AUDITJRN will exist
in QTEMP. It can be specified in another DSPAUDLOG2 command to use
the information that has already been converted.
Journal entry codes of 'T' and 'U' are always selected. All entry
types are selected by default, but an option exists to select a type.
Entry type codes
The following describes the entry types that are sent during security
AD Auditing changes
AF Object authority failure
AP Obtaining adopted authority
CA Object authority change
CD Command string audit
CO New object created
CP User profile created or changed
CQ Change of *CRQD object
DO Object deleted
DS DST Security Officer password reset
FB Blocked instruction violation
FC Program validation value error during restore
FD Object domain violation
FJ SBMJOB and not authorized to user in JOBD
FP Profile handle specified on QWTSETP not valid
FR Read only storage violation
FS Signon requested using default user profile
GS Give descriptor
IP Interprocess communication
JD Create/change of a JOBD with a user profile
JS Actions that effect jobs
ML Office services mail actions
NA Network attribute changed
OM Move or rename an object
OR Restore of an object without ownership change
OW Object owner change
O1 (Optical access) Single file or directory
O2 (Optical access) Dual file or directory
O3 (Optical access) Volume
PA CHGPGM used to change to program adopt
PG Change of an object's primary group
PO Printed output
PS Target user profile changed during passthru or via QSYGETPH
PW Invalid password
RA Restore object and authority changed
RJ Restoring job description with user profile specified
RO Change of object owner during restore
Entry type codes continued
RP Restore of a program that adopts authority
RQ Restoring a *CRQD object
RU Restoring user profile authority
RZ Changing a primary group during restore
SD Changes to system distribution directory
SE Routing entry changed in a subsystem
SF Actions to spooled files
SM System management changes
ST Use of service tools
SV System value changed
VA Changing an access control list
VC Starting or ending a connection
VF Closing server files
VL Account limit exceeded
VN Logging on and off the network
VP Network password error
VR Network resource access
VS Starting or ending a server session
VU Changing a network profile
VV Changing a service status
YC DLO object accessed (changed)
YR DLO object accessed (read)
ZC Object accessed (changed)
ZM SOM method access
ZR Object accessed (read)
User entries sent to QAUDJRN
A user entry may be sent to QAUDJRN using SNDJRNE. If a user entry
exists, the first 100 bytes of the entry are printed as if it was the
first level text. The entry is flagged with 'U-'. No second level
text will appear.
Command parameters *CMD
OPTION Selects the entries to be displayed.
*CURRENT - This option requests that all entries
from the current journal receiver be displayed. A
DSPJRN command will be used to retrieve the entries
from the current journal receiver.
filename - This option requests entries found in the
named file be presented. The file named should be
created using the following sample DSPJRN command.
DSPJRN JRN(QAUDJRN) JRNCDE(T U) ENTDTALEN(357) +
OUTPUT(*OUTFILE) OUTFILFMT(*TYPE2) +
RCVRNG( ) ENTTYP( )
Use the file-name option when entries from other
than the current journal receiver are needed. The
RCVRNG keyword should be used to identify the
required journal receivers. Another use of the
filename option is when you want to use the existing
AUDITJRN file in QTEMP created by a previous use of
STRDATE The start date of the journal entries to be
converted. The default is *TODAY meaning todays
date. *FIRST may be specified which means the first
journal entry found. The date must be entered in
ENDDATE The end date of the journal entries to be converted.
The default is *LAST meaning all of the journal
entries in the journal. *TODAY may be specified to
mean todays date. The date must be entered in job
format and must be greater than the start date. If
a date is specified, it must be in the same century
as the STRDATE.
ENTTYP *ALL is the default to select all journal entry
types. A list of up to 10 types may be named. See
the previous section on the codes that are used. If
user entries have been written to the journal, the
entry type may also be specified.
OUTTYP *BASIC is the default and prints the first level
text. *SECLVL prints both the first and second
OUTPUT Selects where the output from the command is sent.
* - If interactive, display the information using
DSPSPLF. If in batch, the information is printed.
*PRINT - Print the information.
To run DSPAUDLOG2 with OPTION(*CURRENT), the user must meet the
authorities required by the DSPJRN command. The user must have *USE
and *OBJEXIST authority to the journal QAUDJRN.
To run DSPAUDLOG2 with OPTION(file-name), the user must have *USE
authority to the file and library.
A user with *ALLOBJ authority may run the command without
The following TAA Tools must be on your system:
EXTLST Extract list
RTVSYSVAL3 Retrieve system value 3
SNDCOMPMSG Send completion message
SNDESCMSG Send escape message
SNDSTSMSG Send status message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
DSPAUDLOG2 *CMD TAASECM QATTCMD
TAASECMC *PGM CL TAASECMC QATTCL
TAASECMC2 *PGM CL TAASECMC2 QATTCL
TAASECMR *PGM RPG TAASECMR QATTCL
Added to TAA Productivity tools April 1, 1995