Audit FAQ

    Answer:
    1. Use command STRAUD on the iSeries command line to start Audit

    2. From the main menu choose option 13 Status & Active Job (Action)

    3. From the Work with Status & Active Job Rules screen select entry @J

    4. From the Modify Selection Rule screen, Perform action is marked as: Y and Action is marked as *ADD

    5. From the Filter Conditions screen, choose a test condition and value for each field, and bind the conditions with either A for "and" or O for "or".

    6. For example, to choose more than one value in the Test column (such as LIST), separate the values with a blank; they are treated as an AND condition, which means that they are binding: i.e., the first, second, third and so on must all be true.

    Answer:
    1. Start audit using command STRAUD

    2. From the main menu choose option 13 Status & Active Job (Action)

    3. Select audit type @K

    4. In the Modify Selection Rule screen:

  • Select sequence type by order of your choice
  • Enter description, delays and time group at your convenience
  • Perform action should be Y and action should be *ADD

    5. From the Filter Conditions screen:

  • Choose job name equal to the job name required
  • In the and/or column choose A and job user
  • You can add more filter conditions to satisfy your needs

    6. From the next screen, Modify Alert Message, specify your choices

    7. From screen Edit Action Script type your choices, for example:

  • In order 1.00 you can type: ENDSBS MYSBS *IMMED
  • In order 2.00 you can type: DLYJOB DLY(5)
  • In order 3.00 you can type: STRSBS SBSD(MYLIB/MYSBS)

    8. Hit return so your choices will take effect and make sure audit is on

    Answer:
    1. Start audit using command STRAUD
    2. Select option: 1. OS/400 Audit Features
    3. Select option: 41. Native Object Auditing
    4. Verify that the screen Work with Object Auditing has no entries
    5. Use F6=Add new to define the following
    6. In the Add Object Auditing screen define the following
    7. Object *ALL
    8. Library *ALL
    9. Object type *ALL
    10. Object auditing option 1
    11. Apply Y immediately (it can be a very time consuming process)
    12. Press Enter to accept your definition
    13. Now you can proceed and define the libraries of your choice accordingly

    Answer:
    1. Start Audit using command STRAUD

    2. From the main menu choose option 1. OS/400 Audit Features

    3. From menu OS/400 Audit Features choose option 1. Work with Current Setting

    4. From the Work with Current Setting menu choose either yes Y or no N for data collection

    After doing so, data collection will start. However, remember to restrict the amount of data being collected, as large companies with huge amounts of data traffic could end up with receivers that fill up in a short period of time without having covered the desired period. Using the AS/400 command WRKJOBSCDE you'll find a job by the name AU#MNT. Run it periodically, as it deletes data in accordance with the definitions you have introduced.

    Answer:
    1. Start audit using command STRAUD

    2. Choose option 82. Maintenance Menu

    3. From menu OS/400 Audit Features choose option 1. Work with Current Setting

    4. From the Work with Current Setting menu choose either yes Y or no N for data collection

    5. From the Maintenance Menu choose option 22. Change Journal Receiver Library

    6. Change the library name as required

    Answer:
    1. Start audit using command STRAUD

    2. Use menu option 11. Real-Time Auditing

    3. From screen Work with Real-Time Audit Rules use function key F6=Add New

    4. From screen Add Selection Rule audit type should be ZR

    5. Field Sequence can be any number of your choice (0.1 - 999.0), for example 500

    6. Description can be anything you wish to type, for example: Object accessed (read)

    7. Field Sub-type list should be *ALL

    8. Field Time group should be left empty unless you wish to use time restrictions

    9. Field LOG should be Y

    10. Field Perform action should be Y

    11. Field Action should be *ADD

    12. Press enter and you will receive the following message at the bottom of the screen: Modify data, or press Enter to confirm. Press enter again to continue and to receive the Filter Conditions screen

    13. In screen Filter Conditions, for field User profile name, the test field should be LIST and the Values field should contain the names of the user profiles prohibited from accessing the library, separated by blanks

    14. In field Name of object the test field should be EQ and the value should be H70

    15. Field Object type should have EQ in the test field and *LIB in the Value field

    16. Press enter to continue to next screen

    17. In screen Add Alert Message you can choose a message or type enter for next screen

    18. In screen Edit Action Script, in sequence 1.00, leave the Label field blank and continue to Command, GOTO label (unconditional). Type in ENDJOB followed by a blank and use function key F8=Replacement job; you should receive the following completed command: ENDJOB &ZRNBR/&ZRUSER/&ZRJOB

    19. Press enter and you have finished coding the data. You will receive the following message at the bottom of the screen: Modify data, or press Enter to confirm. Press enter and the rule will go into effect

    What this will achieve is to end the job of every user profile listed in step 13 above that attempts to access the library H70.
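
The rule from steps 13 to 18 can be dry-run offline before ENDJOB is switched on. The following is an added example, not iSecurity code: it assumes the three filter conditions are bound with A (and), that LIST matches any one of the listed names, and it uses constructed profile names, job values and entry field names.

```python
# Offline model of the ZR rule from steps 13-18 (added example, not product code).
# Assumptions: conditions are AND-bound; LIST matches any one listed name.

RULE = [  # (field, test, value) as typed on the Filter Conditions screen
    ("user", "LIST", "TEMP01 CONTRACT1"),  # constructed profile names
    ("object", "EQ", "H70"),
    ("object_type", "EQ", "*LIB"),
]
ACTION = "ENDJOB &ZRNBR/&ZRUSER/&ZRJOB"

# Constructed ZR (object read) entries; the dictionary keys are hypothetical.
ENTRIES = [
    {"job_number": "104233", "job_user": "TEMP01", "job_name": "QPADEV0004",
     "user": "TEMP01", "object": "H70", "object_type": "*LIB"},
    {"job_number": "104240", "job_user": "PAYROLL", "job_name": "NIGHTLY",
     "user": "PAYROLL", "object": "H70", "object_type": "*LIB"},
    {"job_number": "104251", "job_user": "CONTRACT1", "job_name": "BATCH01",
     "user": "CONTRACT1", "object": "H70", "object_type": "*FILE"},
    # Server job owned by QUSER but running for CONTRACT1 (assumes the
    # filter tests the accessing profile, not the job's user).
    {"job_number": "104260", "job_user": "QUSER", "job_name": "QZDASOINIT",
     "user": "CONTRACT1", "object": "H70", "object_type": "*LIB"},
]

def matches(entry, rule=RULE):
    """True when every filter condition holds for this entry."""
    for field, test, value in rule:
        if test == "EQ":
            ok = entry[field] == value
        elif test == "LIST":
            ok = entry[field] in value.split()  # blank-separated values
        else:
            raise ValueError(f"test {test!r} is not modelled here")
        if not ok:
            return False
    return True

def render(action, entry):
    """Fill in the replacement variables inserted by F8=Replacement job."""
    subs = {"&ZRNBR": entry["job_number"], "&ZRUSER": entry["job_user"],
            "&ZRJOB": entry["job_name"]}
    for var, val in subs.items():
        action = action.replace(var, val)
    return action

def dry_run(entries=ENTRIES):
    """Commands the action script would issue, without running them."""
    return [render(ACTION, e) for e in entries if matches(e)]

if __name__ == "__main__":
    print("\n".join(dry_run()))
```

The last constructed entry shows why reviewing the generated commands matters: ENDJOB acts on the whole job, which here is a server job owned by QUSER rather than by the listed profile.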

    Answer:
    A user can connect to iSecurity having a blank password if:

    1. He is a registered user within the operators table (option 82 >> 11 Work with Operators on the AS/400 product) and his password is set to *BLANK

    2. He is not a registered user within the operators table but has *AUDIT and *SECADM user profile capabilities
