Goal: Which journals are used by the product and what information do they contain?
Fact: NetIQ Security Solutions for iSeries 8.0
Fact: System Auditing and Reporting (SAR)
Fact: Data Auditing and Reporting (DAR)
Fact: Remote Request Management (RRM)
Fact: NetIQ Secure Configuration Manager
Fix: The product NetIQ Security Solutions for iSeries uses the following journals:
- QAUDJRN in library QSYS is the system security auditing journal. If it does not exist, it can be created via product menu interface: PSMENU, options 1, 1, 7, and 2 (Setup Security Journaling). Journal QAUDJRN contains system-generated security events and may contain user-generated events, such as those originating from PSAudit's SQL/QRY Monitor. The security reports from PSAudit/SAR derive their data from QAUDJRN receivers.
- DDJRN in library PSAUDIT is provided by PSAudit/DAR (Data Auditing and Reporting) and created as a system-managed journal. Journal DDJRN is strictly used for database (physical file) journaling and reporting of database file changes and accesses.The product menu interface for DAR reports is PSMENU, options 1 and 3. The DAR Changed Data Report and the DAR File Access Report derive their information from DDJRN receivers.
- PSJRN01 is PSCOMMON is provided by PSSecure/RRM (Remote Request Management) and created as a system-managed journal. Journal PSJRN01 contains events related to iSeries access from remote clients. The product menu interface for RRM reports is PSMENU, options 2, 3, 20, and 1 and 2. The various Transactions and Objects reports from PSSecure/RRM and PSAudit/SAR derive their data from PSJRN01 receivers.
- PSJRN02 is PSCOMMON is provided by PSSecure/RRM (Remote Request Management) and created as a system-managed journal. Journal PSJRN02 contains events related to changes in RRM configuration. The product menu interface for report from PSJRN02 is PSMENU, options 2, 3, 20, 3, and 3.