Analyze Your Audit Journal withRPG

摘要

Depending on how your system audit journal QAUDJRN is configured, it contains a wealth of information that not only reveals ongoing system activity, but also documents possible attempts to compromise system security and access controls. Given this comprehensive source of audit and security information and the enormous amount of data often available, the challenge quickly becomes the task of filtering out the events and actions of specific interest to security officers responsible for system security in general, and of course to internal and external system auditors in particular. This article explains how to filter out those events and actions using the preferred Analyze Audit Journal (ANZAUDJRN) command.