Extract Audited Transactions (PNSLOGEXT) command

How to get there

Prompt command PNSLOGEXT.

What it does

The Extract Audited Transactions (PNSLOGEXT) command extracts audited transaction data from the audit log. The extracted transactions can be printed, placed into an output database file, or placed into a CSV-formatted stream file.

The selection criteria are "and-ed" together serially, in the order presented on the command. For example, NOTUSR(QTCP) SRV(*FTP*) can be read as "User profile is not QTCP and Server begins with *FTP".

Options

Include user profile (USR)

Specify the name of a user profile whose transactions will be extracted.

*ALL

Audited transactions will not be extracted based on user profile.

name
Specify a user profile to extract audited transactions for that user. The value for user profile can be generic.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit user profile (NOTUSR)

Specify the name of a user profile whose transactions will be omitted.

*NONE
Audited transactions will not be omitted based on user profile.
name
Specify a user profile to omit audited transactions for that user. The value for user profile can be generic.

You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.

Include server (SRV)

Specify the server for which transactions will be extracted.

*ALL
Audited transactions will be extracted without regard to the server.
server-name
Specify the name of a server for which audited transactions will be extracted.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit server (NOTSRV)

Specify the server for which transactions will be omitted.

*NONE
Audited transactions will not be omitted based on the server.
server-name
Specify the name of a server for which audited transactions will be omitted.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include function (FNC)

Specify the function for which transactions will be extracted.

*ALL
Audited transactions will be extracted without regard to the function.
function-name
Specify the name of a function for which audited transactions will be extracted.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit function (NOTFNC)

Specify the function for which transactions will be omitted.

*NONE
Audited transactions will not be omitted based on the function.
function-name
Specify the name of a function for which audited transactions will be omitted.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include location (LOC)

Specify a location for which transactions will be extracted. The location can be an IP Address or an SNA device name.

*ALL
Audited transactions will be extracted without regard to the location.
location-value
Specify the name of a function for which audited transactions will be omitted.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit location (NOTLOC)

Specify a location for which transactions will be omitted. The location can be an IP Address or an SNA device name.

*NONE
Audited transactions will not be omitted based on location.
location-value
Specify an IP address or the name of an SNA device to omit transactions originating from that address or from that device.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include users in group (USRGRP)

Specify the name of a User Group to extract transactions for each member of the group.

*ALL
Audited transactions will be extracted without regard to User Group.
name
Specify a User Group name to extract audited transactions for the members of that User Group.
Omit users in group (NOTUSRGRP)

Specify the name of a User Group to omit transactions for each member of the group.

*NONE
Audited transactions will not be omitted based on User Group.
name
Specify a User Group name to omit audited transactions for the members of that User Group.
Include IP addresses in group (LOCGRP)

Specify the name of an IP Address Group to extract transactions for the IP addresses encompassed by the group.

*ALL
Audited transactions will be extracted without regard to IP Address Group.
Name
Specify the name of an IP Address Group to extract transactions for the IP addresses encompassed by the group.
Omit IP addresses in group (NOTLOCGRP)

Specify the name of an IP Address Group to omit transactions for the IP addresses encompassed by the group.

*NONE
Audited transactions will not be omitted based on IP Address Group.
Name
Specify the name of an IP Address Group to omit transactions for the IP addresses encompassed by the group.
Include action(s) taken (ACTION)

Limits the extracted audited transactions to those that were allowed, rejected, or failed. You can specify *ALL, or up to three individual values.

Single Values
*ALL
Extracted audited transactions will not be limited by transaction result.
Other values (up to 3 repetitions)
*ALLOW
Only transactions that were allowed will be extracted.
*REJECT
Only transactions that were rejected will be extracted.
*FAIL
Only transactions that failed will be extracted. Failed transactions indicate an error condition encountered by one of the server exit programs.
Include intrusion events (INTRUSIONS)

Specifies whether to extract the Possible Intrusion Attempt messages or to extract ONLY these messages.

*YES
The Possible Intrusion Attempt messages will be extracted.
*NO
The Possible Intrusion Attempt messages will not be extracted.
*ONLY
Only the Possible Intrusion Attempt messages will be extracted; all other transactions will be omitted.
Include job name (JOB)

Specifies that the audited transactions extracted are limited to the journal entries for a job or a set of jobs.

Single values
*ALL
Audited transactions will be extracted without regard to job.
 
Qualifier 1: Include job name
*ANY
Job name is not used to limit the extracted audited transactions.
name
Specify the name of the job in which audited transactions were executed.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
 
Qualifier 2: User
*ANY
Job user is not used to limit the extracted audited transactions.
name
Specify the user portion of the job in which audited transactions were executed.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
 
Qualifier 3: Number
*ANY
Job number is not used to limit the extracted audited transactions.
000000-999999
Specify the job number of the job in which audited transactions were executed.
Occurrence period (PERIOD)

Specifies date-based selection criteria to extract audited transactions based on the date and time they occurred.

*TODAY
Audited transactions are extracted if they occurred during the current day.
*PRIORDAY
Audited transactions are extracted if they occurred during a number of prior days. The current day is not included.
*THISWEEK
Audited transactions are extracted if they occurred during the current week.
*PRIORWEEK
Audited transactions are extracted if they occurred during a number of prior weeks. The current week is not included.
*THISMONTH
Audited transactions are extracted if they occurred during the current month.
*PRIORMONTH
Audited transactions are extracted if they occurred during a number of prior months. The current month is not included.
*CUSTOM
Audited transactions are extracted if they occurred during a custom date range you specify.
Prior period count (COUNT)

Specifies the number of prior periods for which audited transactions will be extracted.

1
One prior day, week, or month will be extracted.
integer
Specify the number of prior days, weeks or months to be extracted.
First day of week (STRDAY)

Specifies the first day of the week when you specify PERIOD(*THISWEEK) or PERIOD(*PRIORWEEK). This determines the beginning of the time period, and the end of the period will be 7 days later. Specify one of the following values:

*MON Monday
*TUE Tuesday
*WED Wednesday
*THU Thursday
*FRI Friday
*SAT Saturday
*SUN Sunday
Beginning date/time (RANGEBEG)

Specifies the date and time of the beginning of a custom date range. Audited transactions occurring earlier than this date and time will not be extracted.

Single values
*NONE
Audited transactions will be extracted without any minimum date/time limitation.
 
Element 1: Date
*BEGIN
The oldest possible date is used (January 1, 0001).
*CURRENT
The date the command is executed will be used.
date
Specify the date of the oldest audited transaction to be extracted.
 
Element 2: Time
*BEGIN
The oldest possible time is used (Midnight)
time
Specify the time of the oldest audited transaction to be extracted.
Ending date/time (RANGEEND)

Specifies the date and time of the end of a custom date range. Audited transactions occurring after this date and time will not be extracted.

Single values
*NONE
Audited transactions will be extracted without any maximum date/time limitation.
 
Element 1: Date
*END
The newest possible date is used (run date).
date
Specify the date of the newest audited transaction to be extracted.
 
Element 2: Time
*END
The newest possible time is used (run time).
time
Specify the time of the newest audited transaction to be extracted.
Output (OUTPUT)

Specifies the target of the extracted audited transactions. The data can be printed, or can be extracted to a database file or a CSV-formatted stream file.

*PRINT
The extracted audited transactions will be printed in a columnar report format reminiscent of the old LPWRRPT journal report.
*OUTFILE
The extracted audited transactions will be placed into an output file in a library of your choosing. The output file will be based on the format of the PNSATO file contained in the product library.
*CSV
The extracted audited transactions will be placed into a new CSV-formatted stream file.
Report style (STYLE)

Specifies whether transaction details are printed. The summary tables are always printed.

*DETAIL
The detail of each audited transaction is printed. In this case you can optionally include a longer transaction data display as well as the effective rule information.
*SUMMARY
Only the summary tables will be printed.
Report options (OPTIONS)

Specifies some printing options for the report output.

You can specify 3 values for this parameter.

*SHOWTRAN
When specified, a wider display of more transaction data is printed.
*SHOWRULE
When specified, the rule(s) that contributed to the allowance or rejection of the transaction is printed.
*HIDEZEROSUM
When specified, causes the summary lines with zero sums to be omitted from the report.
Order transactions by (SORT)

Specifies the order in which to print the extracted transactions.

Single values
*NONE
The extracted transactions are printed in the order they are retrieved from the audit journal. This has been observed to be in receiver attached date and sequence order which basically equates to the date/time the transaction occurred.
Other values (up to 5 repetitions)
 
Element 1: Data element
*SERVER
Order by server.
*FUNCTION
Order by function.
*USER
Order by user.
*LOCATION
Order by location.
*DATETIME
Order by the date/time the transaction occurred.
 
Element 2: Ascending or descending
*ASC
Order the data element in ascending (low to high) order.
*DESC
Order the data element in descending (high to low) order.
File to receive output (OUTFILE)

Specifies the name and library of the database file to receive the extracted transactions. If the output file does not exist, it will be created for you and will be based on the format of PNSATO.

Qualifier 1: File to receive output
name
Specify the name of the database file to receive the extracted transactions.
 
Qualifier 2: Library
*CURLIB
The job's current library contains the output file.
name
Specify the name of the library in which the output file exists.
Output member options (OUTMBR)

Specifies the name of the output file member into which the extracted transactions are deposited.

Element 1: Member to receive output
*FIRST
The first member in the output file will receive the extracted transactions.
name
Specify the name of the member in the output file that will receive the extracted transactions.
 
Element 2: Replace or add records
*REPLACE
The extracted data will replace that currently in the output file member.
*ADD
The extracted data will be appended to that currently in the output file member.
Name of report sent to IFS (RPTNAM)

<...> Description of parameter here.

character-value
<...> Description of user-defined value here.
Output file path (PATH)

Specifies the full path to the CSV-formatted stream file that is to receive the extracted transaction data.

path-name
Specify the path name of the CSV-formatted stream file that is to receive the extracted transaction data. If the file does not exist, it will be created.
Stream file CCSID (CCSID)

Specifies the encoding of the data placed into the CSV stream file.

*UTF8
Unicode UTF-8 (CCSID 1208) encoding will be used.
*UTF16
Unicode UTF-16 (CCSID 1200) encoding will be used.
1-65535
Specify the CCSID to be used to encode the CSV stream file data.
Include column headings (COLHEADS)

Specifies whether a row is included to specify the column headings in the resulting spreadsheet when the CSV file is opened by a compatible application.

*YES
The first row in the file will name each column.
*NO
A row that names each column is not included.
Transaction length limit (MAXRQSLEN)

Specifies the maximum width of the Request Data column, in bytes.

*NOMAX
The full Request Data will be placed intot he CSV stream file.
1-32767
Specify the maximum length of the Request Data to be placed into the CSV stream file.
Date format (DATFMT)

Specify the format of the date column in the CSV output.

*SYSVAL
The current value of system value DATFMT will be used to determine the format of the date column. MDY will be treated as *USA, DMY will be treated as *EUR, and any other value will be treated as *ISO. <...> Description of value here.
*USA
The date will be formatted as mm/dd/yyyy.
*EUR
The date will be formatted as dd.mm.yyyy.
*ISO
The date will be formatted as yyyy-mm-dd.
Time separator (TIMSEP)

Specifies the separator to be used to format the time column.

*SYSVAL
The current value of system value TIMFMT will be used.
*BLANK
A single blank character will be used.
&apos;:&apos;
A single colon will be used.
&apos;.&apos;
A single period will be used.
&apos; ;&apos;
A single blank character will be used.
&apos;,&apos;
A single comma will be used.
Log journal (JOURNAL)

Specifies the name and library of the journal from which audited transactions will be extracted.

Single values
*SYSTEM
Specify *SYSTEM to use the Log journal defined in the Powertech Exit Point Manager System Values.
 
Qualifier 1: Audit journal
name
Specify the name of the journal from which audited transactions will be extracted.=
 
Qualifier 2: Library
*LIBL
All libraries in the library list for the current thread are searched until the journal is found.
*CURLIB
The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
name
Specify the name of the library in which the journal is located.
Simple Command Example
PNSLOGEXT USR(BR549) SRV(*SQL) PERIOD(*THISMONTH)

This command prints a report of all transactions generated by user BR549 that were executed by the SQL server in the current month.