DSPAUDJRNE (Display Audit Journal Entries) Command Description
DSPAUDJRNE Command syntax diagram
Purpose
The Display Audit Journal Entries (DSPAUDJRNE) command allows you to generate security journal audit reports. The reports are based on the audit entry types and the user profile specified on the command. Reports can be limited to specific time frames and detached journal receivers can be searched. The reports are directed to the active display or a spooled file.
Restrictions:
You must have *ALLOBJ and *AUDIT special authorities to use this command.
Optional Parameters
- ENTTYP
- Specifies the journal entry types to be included in the report.
AF: Authorization failure entries.
CA: Change authority entries.
CD: Command string entries.
CO: Create object entries.
CP: Change user profile entries.
CU: Cluster management operations.
CV: Connection verification.
DO: Delete object entries.
EV: Environment variable operations.
GR: Generic record.
IP: Interprocess communication.
JS: Actions against jobs entries.
ND: Directory search filter violations.
NE: End point filter violations.
OM: Object move or rename.
OR: Object restored entries.
OW: Object ownership changed entries.
PA: Program changed to adopt authority.
PG: Change of an object's primary group.
PO: Printed output entries.
PS: Profile swap.
PW: Invalid password entries.
SF: Action on spooled files entries.
SO: Server security user information actions.
SV: System values changed entries.
VO: Validation list successful and unsuccessful verify entries.
YC: DLO (document library object) object changed entries.
YR: DLO object read entries.
ZC: Object changed entries.
ZR: Object read entries.
- USRPRF
- Journal entries created for a user profile's actions are included in the report.
*ALL: The report will include entries for all user profiles.
user-profile-name: Specify the name of the user profile whose journal entries are to be included in the report.
- JRNRCV
- Specifies the name of the starting (first) and ending (last) journal receivers whose journal entries are searched.
Note: If the maximum number of receivers (256) in the range is surpassed, an error occurs and no journal entries are converted. *CURRENT: Journal entries in the currently attached journal receiver are searched.
*CURCHAIN: Journal entries in the currently attached journal receiver chain are searched. If there is a break in the chain, the receiver range is from the most recent break in the chain through the receiver that is attached when starting to convert journal entries.
Element 1: Starting Journal Receiver
The name of the staring journal receiver can be qualified by one of the following library values:
*LIBL: The library list is used to locate the journal receiver.
*CURLIB: The current library for the job is used to locate the journal receiver. If no library is specified as the current library for the job, QGPL is used.
library-name: Specify the library where the journal receiver is located.
starting-journal-receiver: Specify the name and library of the first journal receiver from which entries are searched.
Element 2: Ending Journal Receiver
*CURRENT: The journal receiver that is currently attached is used.
The name of the ending journal receiver can be qualified by one of the following library values:
*LIBL: The library list is used to locate the journal receiver.
*CURLIB: The current library for the job is used to locate the journal receiver. If no library is specified as the current library for the job, QGPL is used.
library-name: Specify the library where the journal receiver is located.
ending-journal-receiver: Specify the name and library of the last journal receiver from which entries are searched.
- FROMTIME
- Specifies the date and time of the first journal entry to be searched.
*FIRST: The first journal entry in the journal receiver becomes the starting point for the range of entries to be searched.
Element 1: Starting entry date
starting-date: Specify the starting date. The starting date and time of the first journal entry occurring at or after the specified starting date and time becomes the starting point for the range of entries to be searched.
Element 2: Starting entry time
starting-time: Specify the starting time. The starting date and time of the first journal entry occurring at or after the specified starting date and time becomes the starting point for the range of entries to be searched.
- TOTIME
- Specifies the creation date and time of the last journal entry to be searched.
*LAST: The last journal entry in the journal receiver becomes the ending point for the range of entries to be searched.
Element 1: Ending entry date
ending-date: Specify the ending date. The ending date and time of the first journal entry occurring at or before the specified ending time on the specified ending date becomes the ending point for the range of entries to be searched.
Element 2: Ending entry time
ending-time: Specify the ending time. The ending date and time of the first journal entry occurring at or before the specified ending time on the specified ending date becomes the ending point for the range of entries to be searched.
- OUTPUT
- Specifies whether the output from the command is shown at the requesting workstation or printed with the job's spooled output. More information on this parameter is in commonly used parameters.
*PRINT: The output is printed with the job's spooled output.
*: The output is shown (if requested by an interactive job) or printed with the job's spooled output (if requested by a batch job).
Example for DSPAUDJRNE
DSPAUDJRNE ENTTYP(AF) OUTPUT(*)A report containing all 'Authority Failure' audit records in the current journal receiver will be displayed on the active workstation.
Error messages for DSPAUDJRNE