Tweet
the best method for what you are talking about is to review the JOBLOG and decide which messages are relevant to your needs. then use DSPJOBLOG to *OUTFILE and then have a program parse out the specific messages, job name, user id, time started, time ended, etc, etc.[*]** start with a short time period, depending on how many jobs you have on your system. dont want to overload your senses write the parsed data to a file. read the file with query for ad-hoc reporting or RPG for set reports and print away! once you have some good reports, automate the job(s). do not know how SOX compliant that is, but i am certain that no matter what, your auditors will want to add to it, so start out so that you have something and then let THEM define the upgrades. -bret
-
-
System Security Help!!
Scatterload, many thanks for your prompt response. My plan is somewhat similar to what you suggested. DSPLOG does not allow me to send output directly to an Outfile, but DSPJOBLOG does. However, I need to capture security related CPFs from the History Log. Looking at the DSPJOBLOG command, it seems to restrict me to a Job Name or Current User (*). Therefore, I think I may have to use the DSPLOG followed by a CPYSPLF to get the output in a file and subsequently run the query. However, I was hoping that someone in a Banking environment might have a list of CPFs that frequently monitored to ensure that no unwarranted activity is being executed on the box by the Super Users. -
System Security Help!!
duhh!!! that's right, i left out the cpysplf. have not had to revisit this for many years. as for the DSPJOBLOG by *USER, you can DSPUSRPRF to an *OUTFILE and then loop (using DOWHILE/DOUNTIL if on latest) or use a GOTO to get each subsequent record. used this method to write queries that ran weekly, to give me updated listing of users and user classes. -bretComment
-
System Security Help!!
dont forget the other CPx messages. CPI1131 - System logged user off - This can tell you who may be leaving themselves logged on, and walking away long enough to timeout. if they are gone that long, a corporate spy could do some damage. -bretComment
-
System Security Help!!
We would like to monitors our Super Users in our 570 shop. We tried doing it by incorporating an authorization List and using the CHGUSRJOB command to monitor the users for *CMD. This generated a some data which was later captured using Journaling. We then ran a query and on the JRNRCV and got a report. But this process captures every command executed interactively or by batch. Therefore it is not suitable. However, we need to comply with SOX. I was hoping that I could capture CPF message from the DSPLOG and run a query to generate a report. Does anybody know what CPF msgs I can monitorfor? Is there a list that possibly a bank uses to comply with SOX? Thank you.Comment
-
System Security Help!!
Another way is to use the security journal to audit specific system administration type of activity. Then you can journal your critical financial files and audit for who is making changes to your production files. The most important thing I think for you to know (in my experience) is that a process for reviewing is in place and you are able to show this evidence to the auditors. Ensure the person performing the reviews is also appropriate.Comment
Comment