Log File Reports

Log File data consists of journal entries written to the security audit journal, QAUDJRN. Journal entries are generated from a variety of events, ranging from login failures and system value changes to auditing of basic file access. Powertech Compliance Monitor for IBM i allows you to collect transactional log data from multiple systems and compile the collected data into Log File Reports.

NOTE: Only events from QAUDJRN are collected by Powertech Compliance Monitor for IBM i.

Powertech Compliance Monitor for IBM i provides the following predefined Log File Reports:

All 74 type T entries in QAUDJRN. The report names follow the format T:XX where XX is the journal code for the audited event.
Combined reports combine different audit journal types into one report. For example, the Combined Object report includes audit entries for actions that affect objects, such as object restore, delete, move, and so on. Combined reports are very powerful because they can show many different types of journal entries over a selected time period.
Two special reports that detail deleted user profiles and Level 40 security events that could cause program failures at Security Level 40 and above.

When you select to run one or more log file reports, the Log File Options tab allows you to specify selection criteria for the report or group.

You can harvest (collect) Log File data using either of the following methods:

Automatic: Collections that run at scheduled times. We recommend you use an Automatic collection to harvest log file data because it uses less disk space.
Request Assessment: Select the system(s) or system group to audit and the log file reports to run.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
4.4 | 202410080134 | October 2024