Resolution
Goal: Which journals are used by the product and what information do they contain?
Fact: NetIQ Security Solutions for iSeries 8.0
Fact: PSAudit
Fact: System Auditing and Reporting (SAR)
Fact: Data Auditing and Reporting (DAR)
Fact: PSSecure
Fact: Remote Request Management (RRM)
Fact: NetIQ Secure Configuration Manager
Fix: The product NetIQ Security Solutions for iSeries uses the following journals:
- QAUDJRN in library QSYS is the system security auditing journal. If it does not exist, it can be created via product menu interface: PSMENU, options 1, 1, 7, and 2 (Setup Security Journaling). Journal QAUDJRN contains system-generated security events and may contain user-generated events, such as those originating from PSAudit's SQL/QRY Monitor. The security reports from PSAudit/SAR derive their data from QAUDJRN receivers.
- DDJRN in library PSAUDIT is provided by PSAudit/DAR (Data Auditing and Reporting) and created as a system-managed journal. Journal DDJRN is strictly used for database (physical file) journaling and reporting of database file changes and accesses.The product menu interface for DAR reports is PSMENU, options 1 and 3. The DAR Changed Data Report and the DAR File Access Report derive their information from DDJRN receivers.
- PSJRN01 is PSCOMMON is provided by PSSecure/RRM (Remote Request Management) and created as a system-managed journal. Journal PSJRN01 contains events related to iSeries access from remote clients. The product menu interface for RRM reports is PSMENU, options 2, 3, 20, and 1 and 2. The various Transactions and Objects reports from PSSecure/RRM and PSAudit/SAR derive their data from PSJRN01 receivers.
- PSJRN02 is PSCOMMON is provided by PSSecure/RRM (Remote Request Management) and created as a system-managed journal. Journal PSJRN02 contains events related to changes in RRM configuration. The product menu interface for report from PSJRN02 is PSMENU, options 2, 3, 20, 3, and 3.
Additional Information
Formerly known as NETIQKB70332