Forensics
AS400 logs help Jul 13 2007 09:45PM
Fernando Diego Daffara (fernandodaffara epicsoft com ar) (4 replies)
RE: AS400 logs help Jul 17 2007 04:24PM
Shannon.ONeil (Shannon ONeil target com)
Re: AS400 logs help Jul 17 2007 02:43AM
Michael Sorbera (msorbera satx rr com)
Re: AS400 logs help Jul 17 2007 01:32AM
xelerated (xelerated gmail com)
Re: AS400 logs help Jul 17 2007 12:39AM
Esteban Farao (efarao gmail com)
Hi Fernando,
The first thing that you have to check is whether the audit logs are
enabled or not.
Check the values of the QAUDLVL or QAUDLVL2 system values. The should
have *AUDLVL.
Assuming that they are enabled, you should performe a display journal
by using the command DSPJRN. Following is an example:
DSPJRN JRN(QSYS/QAUDJRN) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(LOGWFILE2)

The aforementioned command will create a text file called LOGWFILE2
will all the information in the Audit Journal.

The layout of the Audit Journal and other security related information
are specified in the this link
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/books/c4153026.pdf

Best Regards,
Esteban Farao

On 7/13/07, Fernando Diego Daffara <fernandodaffara (at) epicsoft.com (dot) ar [email concealed]> wrote:
> Hi, I could use some (all) help! I have to make a forensics analysis of the
> AS400 login/logoff logs records. But i don't have any idea about where to
> start looking! :-(
>
> AS400 is another world! Could someone get my an idea about how to start
> looking, some web links, etc?
>
> I will be able to ask to the AS400 administrator for the data, but I want to
> go witch some idea about AS400 logs, how to look it, where they are, how
> long do they are maintained?
>
> Thanks in advance and I'm really shamed because of my English!
>
> Fernando.
>
> Argentina
>
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus