System Auditing and Reporting security reports are blank. (NETIQKB31254)

  • Document ID:7731254
  • Creation Date:02-Feb-2007
  • Modified Date:08-Oct-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

fact
VigilEnt Security Agent for iSeries 5.4/7.0

fact
VigilEnt Security Agent for AS/400 5.3/6.3

symptom
System Auditing and Reporting security reports are blank.

cause

Security Journaling may be inactive, a Journal Receiver Range is being used, or there may be a break in the chain of receivers.



fix

Perform the following checks to determine the cause:

Check to see that Security Journaling is active

From the PSAudit menu:

  1. Option 1 - System Auditing and Reporting
  2. Option 7  - System Setup and Defaults
  3. Option 4 - Work With Security Journaling. There should be a 1 next to *OBJAUD and *AUDLVL (1 in front of *NONE, indicated no journaling being done). Also check Auditing Options on this screen, if *NONE is selected, nothing is flagged to log. Use F10 to set up Auditing as recommended if desired.
  4. Use Option 2 - Setup Security Journaling from System Setup and Defaults menu to start journaling.

OR 

Check to see if there is a Journal Receiver Range being used

On the System Setup and Defaults menu:   

  1. Take Option 14 - Change Sec Journal Receiver Range, press Enter.
  2. If a receiver is indicated here, it is being used as the starting range and will impact output on reports. Try removing the receiver number and run the report again. 

OR

Check for a break in the chain of receivers

Check that receivers are in sequential order. As each receiver is detached/attached, they do so in sequence (ex. 1,2,3). When audit reports run, they check receivers from first to last. If there is a missing receiver, the checking will stop, therefore giving you a blank report.

  1. From a Command Line type WRKJRNA, press Enter.
  2. In the Journal field, enter QAUDJRN, press Enter.
  3. Use Option F15 to view the "Work with Receiver Directory" screen.  Determine if there are any breaks in the numerical chain of receivers.  If there are, either restore the missing receiver(s) or delete receivers prior to where the sequential break occurs.


Additional Information

Formerly known as NETIQKB31254