TAA Tools
DSPAUDLOG2     DISPLAY AUDIT LOG 2                     TAASECM

The  DSPAUDLOG2  command   is  the  old   form  of  the   AUDLOG  tool.
DSPAUDLOG2  displays  the   contents  of  the  security  audit  journal
(QAUDJRN).    The output  is always  printed to  a  spooled file.   The
default will  use DSPSPLF  to display the  printed output.   An  option
can be used to select the level of detail to be presented.

The  system no  longer  provides  message IDs  for  new audit  entries.
DSPAUDLOG2  will  only  perform correctly  on  audit  entries  that are
supported by  a  message  ID.   The  new  tool AUDLOG  should  be  used

A typical use of the command is:


       All  entries  from  the   current  audit  journal  receiver  are
       displayed.  Only the first level text appears.


       All  entries   from  the  current  audit  journal  receiver  are
       printed.  The second level text is shown.

               DSPAUDLOG2   OPTION(yyyy/xxxx) OUTPUT(*PRINT)

       Entries that  have been  stored in  the specified  file for  the
       OPTION parameter are printed.

If the default OPTION(*CURRENT)  is used, the file AUDITJRN  will exist
in QTEMP.   It can  be specified in  another DSPAUDLOG2 command  to use
the information that has already been converted.

Journal  entry codes  of 'T'  and 'U' are  always selected.   All entry
types are selected by default,  but an option exists to select  a type.

Entry type codes

The following describes  the entry types that are  sent during security

    AD     Auditing changes
    AF     Object authority failure
    AP     Obtaining adopted authority
    CA     Object authority change
    CD     Command string audit
    CO     New object created
    CP     User profile created or changed
    CQ     Change of *CRQD object
    DO     Object deleted
    DS     DST Security Officer password reset
    FB     Blocked instruction violation
    FC     Program validation value error during restore
    FD     Object domain violation
    FJ     SBMJOB and not authorized to user in JOBD
    FP     Profile handle specified on QWTSETP not valid
    FR     Read only storage violation
    FS     Signon requested using default user profile
    GS     Give descriptor
    IP     Interprocess communication
    JD     Create/change of a JOBD with a user profile
    JS     Actions that affect jobs
    ML     Office services mail actions
    NA     Network attribute changed
    OM     Move or rename an object
    OR     Restore of an object without ownership change
    OW     Object owner change
    O1     (Optical access) Single file or directory
    O2     (Optical access) Dual file or directory
    O3     (Optical access) Volume
    PA     CHGPGM used to change to program adopt
    PG     Change of an object's primary group
    PO     Printed output
    PS     Target user profile changed during passthru or via QSYGETPH
    PW     Invalid password
    RA     Restore object and authority changed
    RJ     Restoring job description with user profile specified
    RO     Change of object owner during restore

    RP     Restore of a program that adopts authority
    RQ     Restoring a *CRQD object
    RU     Restoring user profile authority
    RZ     Changing a primary group during restore
    SD     Changes to system distribution directory
    SE     Routing entry changed in a subsystem
    SF     Actions to spooled files
    SM     System management changes
    ST     Use of service tools
    SV     System value changed
    VA     Changing an access control list
    VC     Starting or ending a connection
    VF     Closing server files
    VL     Account limit exceeded
    VN     Logging on and off the network
    VP     Network password error
    VR     Network resource access
    VS     Starting or ending a server session
    VU     Changing a network profile
    VV     Changing a service status
    YC     DLO object accessed (changed)
    YR     DLO object accessed (read)
    ZC     Object accessed (changed)
    ZM     SOM method access
    ZR     Object accessed (read)

User entries sent to QAUDJRN

A  user entry may be  sent to QAUDJRN  using SNDJRNE.   If a user entry
exists, the first 100 bytes of the  entry are printed as if it was  the
first level  text.  The  entry is flagged with  'U-'.  No  second level
text will appear.

Command parameters                                    *CMD

   OPTION        Selects the entries to be displayed.

                 *CURRENT  -  This  option  requests  that all  entries
                 from the  current journal  receiver be  displayed.   A
                 DSPJRN command  will be used  to retrieve  the entries
                 from the current journal receiver.

                 filename -  This option requests entries  found in the
                 named  file be  presented.   The file  named should be
                 created using the following sample DSPJRN command.

                   DSPJRN     JRN(QAUDJRN) JRNCDE(T U) ENTDTALEN(357) +
                               OUTPUT(*OUTFILE) OUTFILFMT(*TYPE2) +
                               OUTFILE(mylib/myfile)  +
                               RCVRNG(       )  ENTTYP(    )

                 Use  the file-name  option  when  entries  from  other
                 than  the current  journal receiver  are needed.   The
                 RCVRNG   keyword  should  be   used  to  identify  the
                 required  journal  receivers.    Another  use  of  the
                 filename option is  when you want to  use the existing
                 AUDITJRN  file in QTEMP  created by a  previous use of

   STRDATE       The  start  date   of  the  journal   entries  to   be
                 converted.    The default  is  *TODAY  meaning today's
                 date.   *FIRST may be specified which  means the first
                 journal  entry  found.   The date  must be  entered in
                 job format.

   ENDDATE       The end date of  the journal entries to  be converted.
                 The  default  is  *LAST  meaning all  of  the  journal
                 entries  in the journal.   *TODAY may  be specified to
                 mean today's date.   The  date must be  entered in  job
                 format and  must be greater than  the start date.   If
                 a  date is specified, it  must be in  the same century
                 as the STRDATE.

   ENTTYP        *ALL is  the  default  to  select  all  journal  entry
                 types.  A  list of up to  10 types may be named.   See
                 the previous  section on the codes that  are used.  If
                 user  entries have  been written  to the  journal, the
                 entry type may also be specified.

   OUTTYP        *BASIC is  the  default  and prints  the  first  level
                 text.    *SECLVL  prints  both the  first  and  second
                 level text.

   OUTPUT        Selects where the output from the command is sent.

                 *  -  If interactive,  display  the  information using
                 DSPSPLF.  If in batch, the information is printed.

                 *PRINT - Print the information.
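
The file-name procedure described under OPTION, as an added CL example that is not part of the original TAA documentation: the receiver chain is converted once with DSPJRN, then the same outfile is reported twice with different ENTTYP selections. The names AUDLIB and AUDHIST are constructed placeholders, RCVRNG(*CURCHAIN) and ENTTYP(*ALL) are choices made for this example, and the library/file form of OPTION is assumed from the OPTION(yyyy/xxxx) usage shown earlier.

```cl
PGM
  /* Constructed names: library AUDLIB and file AUDHIST are        */
  /* placeholders. AUDLIB must already exist.                       */

  /* Step 1: convert the audit journal once, using the DSPJRN       */
  /* keywords from the sample command. RCVRNG(*CURCHAIN) and        */
  /* ENTTYP(*ALL) are this example's choices for the blank values.  */
  DSPJRN     JRN(QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE(T U) +
               ENTTYP(*ALL) ENTDTALEN(357) +
               OUTPUT(*OUTFILE) OUTFILFMT(*TYPE2) +
               OUTFILE(AUDLIB/AUDHIST)

  /* Step 2: object authority failures (AF) and invalid passwords   */
  /* (PW), printed with first and second level text.                */
  DSPAUDLOG2 OPTION(AUDLIB/AUDHIST) STRDATE(*FIRST) ENDDATE(*LAST) +
               ENTTYP(AF PW) OUTTYP(*SECLVL) OUTPUT(*PRINT)

  /* Step 3: reuse the already converted file for user profile (CP),*/
  /* system value (SV) and auditing (AD) changes, first level only. */
  DSPAUDLOG2 OPTION(AUDLIB/AUDHIST) STRDATE(*FIRST) ENDDATE(*LAST) +
               ENTTYP(CP SV AD) OUTTYP(*BASIC) OUTPUT(*PRINT)
ENDPGM
```

STRDATE(*FIRST) is given explicitly because the default of *TODAY would otherwise limit both reports to the current day's entries.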


To  run DSPAUDLOG2  with  OPTION(*CURRENT),  the  user  must  meet  the
authorities required  by the DSPJRN command.   The user must  have *USE
and *OBJEXIST authority to the journal QAUDJRN.

To  run  DSPAUDLOG2 with  OPTION(file-name),  the user  must  have *USE
authority to the file and library.

A  user   with  *ALLOBJ   authority  may   run  the   command   without


The following TAA Tools must be on your system:

           EXTLST         Extract list
           RTVSYSVAL3     Retrieve system value 3
           SNDCOMPMSG     Send completion message
           SNDESCMSG      Send escape message
           SNDSTSMSG      Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type        Attribute      Src member    Src file
   ------        ----        ---------      ----------    ----------

   DSPAUDLOG2    *CMD                      TAASECM        QATTCMD
   TAASECMC      *PGM       CL             TAASECMC       QATTCL
   TAASECMC2     *PGM       CL             TAASECMC2      QATTCL
   TAASECMR      *PGM       RPG            TAASECMR       QATTCL

Added to TAA Productivity tools April 1, 1995
