How can I audit changes to the ISM configuration? (NETIQKB70622)

  • Document ID:7770622
  • Creation Date:23-Aug-2007
  • Modified Date:21-Sep-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Environment

Fact: NetIQ Security Solutions for iSeries 8.0

Fact: PSSecure

Fact: Inactive Session Monitor (ISM)

Situation

Goal: How can I audit changes to the ISM configuration?
Goal: How can I keep track of changes made to the ISM setup?

Resolution

Fix: To keep track of changes to the ISM configuration, journal the following ISM database files in library PSSECURE:

ASPF20  - PROGRAM EXCLUSIONS

ASPF26  - CONTROLLER EXCLUSIONS

ASPF30  - USER PROFILE EXCLUSIONS (user-maintained)

ASPF40  - WORKSTATION EXCLUSIONS (user-maintained)

AS0021F - Subsystems to monitor

You can use PSAudit/DAR (Data Auditing and Reporting) to journal and audit ISM database files.

You can use STRJRNOBJ or CHGOBJAUD on the following ISM data areas in library PSSECURE:

ASDA01

ASDA02

ASDA03

ASDA04

ASDA05

ASDA06

ASDA60

ASDEBUG

ASINLPGM

Additional Information

Formerly known as NETIQKB70622

You do not need to journal and audit the following ISM work files:

ASPF01  - ACTIVE JOBS - 1ST VALUES

ASPF02  - ACTIVE JOBS - 2ND VALUES

ASPF03  - Program Exclusions DSPJOB work file

ASPF04  - WrkActJob outfile

ASPF05  - Outfile for DSPOBJD *USRPRF

ASPF06  - JOBS ENDING

ASPF07  - Job Info: CPU Cycles, interactive transactions, etc.

ASPF32  - USER PROFILE EXCLUSIONS (system-expanded)

ASPF42  - WORKSTATION EXCLUSIONS (system-expanded)

ASPF50  - MONITOR STATISTICS

ASPF60  - DSCJOB

ASPF90  - 132-byte record length work file

You do not need to journal and audit ISM work data area ASDA10.