Tweet
If anyone can help me out here I'd appreciate it very much. I am not that much an AS/400 person but am security officer for our systems (imagine that). I need a way to monitor login and logout times for selected user profiles. I've been jumping through hoops trying to get either our AS/400 support team or some programmers to help me out. What I'd like to do is be able to add a report to my weekly SAS70 auditing reports that lists all login and logout times for some generic IDs. These are IDs that have been setup just for the purpose of FTP'ing data to/from different systems within our company. I currently don't have these IDs in their own group but will definitely do that if it makes tracking them easier. I've been asked what file contains the info that a query could be run against but I haven't the foggiest idea of what it would be nor would I be able to determine what it was without investing a lot of time. Monitoring profile activity for login/logouts seems like a straightforward request. I am hoping someone already has something like this setup.
-
-
Monitoring login/logout of usrprf's
Mike, If I'm not mistaken you can use the Security audit to capture sign on and off information. Another place is the History Log itself. Whenever a user signs on a CPF1124 (I think it is the right number) is logged and when they log off CPF1164 (again not exactly sure of the message id) is logged. If you used the dsplog to a spool file and then copied the spool file to a database file you could have a program go through them. I'm not sure if you could extract what you want directly from the history log (it is a journal I believe). -
Monitoring login/logout of usrprf's
For processes running under selected userids you can use the CHGUSRAUD *JOBDATA and log to the audit log entry type 'JS' with the CPI2288 message (entry 'S'..job started, 'E' ..ended ..etc.). Thence you can process the QAUDJRN to a physical file and query your desired data .... see the AS400 Security manual SC41-8063 and its appendicies for formatsComment
-
Monitoring login/logout of usrprf's
If I'm not mistaken, CPF1124 and CPF1164 are the job started and job ended messages - these will only help for terminal signon. That may be what you are after, but if you want FTP and other sorts of network connections you'l probably have to go to the QAUDJRN and pull out the login and logout times fromt he journal. jte MC Security EditorComment
-
Monitoring login/logout of usrprf's
Thanks for all replies: I am definitely interested in logins/logouts of FTP IDs as these are the generic IDs that I need to capture info on. Here's a dumb question: - How do I pull data out of QUADJRN? I think last week I ran a DSPAUDLOG2 command and ended up getting QPRINT errors - to much info. DSPAUDLOG itself didn't work. We are running v4r5. Disclaimer - I am not an AS/400 person. I've only been told I'm one. I haven't the foggiest as to what I'm doing.Comment
Comment