Extract Audited Transactions (PNSLOGEXT) command
How to Get There
Prompt command PNSLOGEXT. Or, from the Modern Reports Menu, choose option 4.
What it Does
The Extract Audited Transactions (PNSLOGEXT) command extracts audited transaction data from the audit log. The extracted transactions can be printed, placed into an output database file, or placed into a CSV-formatted stream file.
The selection criteria are "and-ed" together serially, in the order presented on the command. For example, NOTUSR(QTCP) SRV(*FTP*) can be read as "User profile is not QTCP and Server begins with *FTP".
Options
Include user profile (USR)
Specify the name of a user profile whose transactions will be extracted.
*ALL Audited transactions will be extracted without regard to user profile.
name Specify a user profile to extract audited transactions for that user. The value for user profile can be generic. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit user profile (NOTUSR)
Specify the name of a user profile whose transactions will be omitted.
*NONE Audited transactions will not be omitted based on user profile.
name Specify a user profile to omit audited transactions for that user. The value for user profile can be generic.
You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include server (SRV)
Specify the server for which transactions will be extracted.
*ALL Audited transactions will be extracted without regard to the server.
server-name Specify the name of a server for which audited transactions will be extracted. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit server (NOTSRV)
Specify the server for which transactions will be omitted.
*NONE Audited transactions will not be omitted based on the server.
server-name Specify the name of a server for which audited transactions will be omitted. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include function (FNC)
Specify the function for which transactions will be extracted.
*ALL Audited transactions will be extracted without regard to the function.
function-name Specify the name of a function for which audited transactions will be extracted. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit function (NOTFNC)
Specify the function for which transactions will be omitted.
*NONE Audited transactions will not be omitted based on the function.
function-name Specify the name of a function for which audited transactions will be omitted. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include location (LOC)
Specify a location for which transactions will be extracted. The location can be an IP Address or an SNA device name.
*ALL Audited transactions will be extracted without regard to the location.
location-value Specify an IP address or the name of an SNA device to extract transactions originating from that address or from that device. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Omit location (NOTLOC)
Specify a location for which transactions will be omitted. The location can be an IP Address or an SNA device name.
*NONE Audited transactions will not be omitted based on location.
location-value Specify an IP address or the name of an SNA device to omit transactions originating from that address or from that device. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Include users in group (USRGRP)
Specify the name of a User Group to extract transactions for each member of the group.
*ALL Audited transactions will be extracted without regard to User Group.
name Specify a User Group name to extract audited transactions for the members of that User Group.
Omit users in group (NOTUSRGRP)
Specify the name of a User Group to omit transactions for each member of the group.
*NONE Audited transactions will not be omitted based on User Group.
name Specify a User Group name to omit audited transactions for the members of that User Group.
Include locations in group (LOCGRP)
Specify the name of a Location Group to extract transactions for the locations encompassed by the group.
*ALL Audited transactions will be extracted without regard to Location Group.
name Specify the name of a Location Group to extract transactions for the locations encompassed by the group.
Omit locations in group (NOTLOCGRP)
Specify the name of a Location Group to omit transactions for the locations encompassed by the group.
*NONE Audited transactions will not be omitted based on Location Group.
name Specify the name of a Location Group to omit transactions for the locations encompassed by the group.
Include action(s) taken (ACTION)
Limits the extracted audited transactions to those that were allowed, rejected, or failed. You can specify *ALL, or up to three individual values.
Single Values:
*ALL Extracted audited transactions will not be limited by transaction result.
Other values (up to 3 repetitions):
*ALLOW Only transactions that were allowed will be extracted.
*REJECT Only transactions that were rejected will be extracted.
*FAIL Only transactions that failed will be extracted. Failed transactions indicate an error condition encountered by one of the server exit programs.
Include intrusion events (INTRUSIONS)
Specifies whether to extract the Possible Intrusion Attempt messages or to extract ONLY these messages.
*YES The Possible Intrusion Attempt messages will be extracted.
*NO The Possible Intrusion Attempt messages will not be extracted.
*ONLY Only the Possible Intrusion Attempt messages will be extracted; all other transactions will be omitted.
Include job name (JOB)
Specifies that the audited transactions extracted are limited to the journal entries for a job or a set of jobs.
Single values:
*ALL Audited transactions will be extracted without regard to job.
Qualifier 1: Include job name:
*ANY Job name is not used to limit the extracted audited transactions.
name Specify the name of the job in which audited transactions were executed. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Qualifier 2: User:
*ANY Job user is not used to limit the extracted audited transactions.
name Specify the user portion of the job in which audited transactions were executed. You can use the Generic Character to indicate that a partial value is to be used for selection. In some circumstances you may also use the Wildcard Character to indicate that a partial value is to be used for selection.
Qualifier 3: Number:
*ANY Job number is not used to limit the extracted audited transactions.
000000-999999 Specify the job number of the job in which audited transactions were executed.
Occurrence period (PERIOD)
Specifies date-based selection criteria to extract audited transactions based on the date and time they occurred.
*TODAY Audited transactions are extracted if they occurred during the current day.
*PRIORDAY Audited transactions are extracted if they occurred during a number of prior days. The current day is not included.
*THISWEEK Audited transactions are extracted if they occurred during the current week.
*PRIORWEEK Audited transactions are extracted if they occurred during a number of prior weeks. The current week is not included.
*THISMONTH Audited transactions are extracted if they occurred during the current month.
*PRIORMONTH Audited transactions are extracted if they occurred during a number of prior months. The current month is not included.
*CUSTOM Audited transactions are extracted if they occurred during a custom date range you specify.
Prior period count (COUNT)
Specifies the number of prior periods for which audited transactions will be extracted.
1 One prior day, week, or month will be extracted.
integer Specify the number of prior days, weeks or months to be extracted.
First day of week (STRDAY)
Specifies the first day of the week when you specify PERIOD(*THISWEEK) or PERIOD(*PRIORWEEK). This determines the beginning of the time period, and the end of the period will be 7 days later. Specify one of the following values:
*MON Monday
*TUE Tuesday
*WED Wednesday
*THU Thursday
*FRI Friday
*SAT Saturday
*SUN Sunday
Beginning date/time (RANGEBEG)
Specifies the date and time of the beginning of a custom date range. Audited transactions occurring earlier than this date and time will not be extracted.
Single values:
*NONE Audited transactions will be extracted without any minimum date/time limitation.
Element 1: Date:
*BEGIN The oldest possible date is used (January 1, 0001).
*CURRENT The date the command is executed will be used.
date Specify the date of the oldest audited transaction to be extracted.
Element 2: Time:
*BEGIN The oldest possible time is used (Midnight).
time Specify the time of the oldest audited transaction to be extracted.
Ending date/time (RANGEEND)
Specifies the date and time of the end of a custom date range. Audited transactions occurring after this date and time will not be extracted.
Single values:
*NONE Audited transactions will be extracted without any maximum date/time limitation.
Element 1: Date:
*END The newest possible date is used (run date).
date Specify the date of the newest audited transaction to be extracted.
Element 2: Time:
*END The newest possible time is used (run time).
time Specify the time of the newest audited transaction to be extracted.
Output (OUTPUT)
Specifies the target of the extracted audited transactions. The data can be printed, or can be extracted to a database file or a CSV-formatted stream file.
*PRINT The extracted audited transactions will be printed in a columnar report format reminiscent of the old LPWRRPT journal report.
*OUTFILE The extracted audited transactions will be placed into an output file in a library of your choosing. The output file will be based on the format of the PNSATO file contained in the product library.
*CSV The extracted audited transactions will be placed into a new CSV-formatted stream file.
Report style (STYLE)
Specifies whether transaction details are printed. The summary tables are always printed.
*DETAIL The detail of each audited transaction is printed. In this case you can optionally include a longer transaction data display as well as the effective rule information.
*SUMMARY Only the summary tables will be printed.
Report options (OPTIONS)
Specifies some printing options for the report output.
You can specify three values for this parameter.
*SHOWTRAN When specified, a wider display of more transaction data is printed.
*SHOWRULE When specified, the rule(s) that contributed to the allowance or rejection of the transaction are printed.
*HIDEZEROSUM When specified, causes the summary lines with zero sums to be omitted from the report.
*SHOWZEROSUM When specified, causes the summary lines with zero sums to not be omitted from the report.
Order transactions by (SORT)
Specifies the order in which to print the extracted transactions.
Single values:
*NONE The extracted transactions are printed in the order they are retrieved from the audit journal. This has been observed to be in receiver attached date and sequence order which basically equates to the date/time the transaction occurred.
Other values (up to five repetitions):
Element 1: Data element:
*SERVER Order by server.
*FUNCTION Order by function.
*USER Order by user.
*LOCATION Order by location.
*DATETIME Order by the date/time the transaction occurred.
Element 2: Ascending or descending:
*ASC Order the data element in ascending (low to high) order.
*DESC Order the data element in descending (high to low) order.
File to receive output (OUTFILE)
Specifies the name and library of the database file to receive the extracted transactions. If the output file does not exist, it will be created for you and will be based on the format of PNSATO.
Qualifier 1: File to receive output:
name Specify the name of the database file to receive the extracted transactions.
Qualifier 2: Library:
*CURLIB The job's current library contains the output file.
name Specify the name of the library in which the output file exists.
Output member options (OUTMBR)
Specifies the name of the output file member into which the extracted transactions are deposited.
Element 1: Member to receive output:
*FIRST The first member in the output file will receive the extracted transactions.
name Specify the name of the member in the output file that will receive the extracted transactions.
Element 2: Replace or add records:
*REPLACE The extracted data will replace that currently in the output file member.
*ADD The extracted data will be appended to that currently in the output file member.
Name of report sent to IFS (RPTNAM)
<...> Description of parameter here.
character-value <...> Description of user-defined value here.
Output file path (PATH)
Specifies the full path to the CSV-formatted stream file that is to receive the extracted transaction data.
path-name Specify the path name of the CSV-formatted stream file that is to receive the extracted transaction data. If the file does not exist, it will be created.
Stream file CCSID (CCSID)
Specifies the encoding of the data placed into the CSV stream file.
*UTF8 Unicode UTF-8 (CCSID 1208) encoding will be used.
*UTF16 Unicode UTF-16 (CCSID 1200) encoding will be used.
1-65535 Specify the CCSID to be used to encode the CSV stream file data.
Include column headings (COLHEADS)
Specifies whether a row is included to specify the column headings in the resulting spreadsheet when the CSV file is opened by a compatible application.
*YES The first row in the file will name each column.
*NO A row that names each column is not included.
Transaction length limit (MAXRQSLEN)
Specifies the maximum width of the Request Data column, in bytes.
*NOMAX The full Request Data will be placed into the CSV stream file.
1-32767 Specify the maximum length of the Request Data to be placed into the CSV stream file.
Date format (DATFMT)
Specify the format of the date column in the CSV output.
*SYSVAL The current value of system value DATFMT will be used to determine the format of the date column. MDY will be treated as *USA, DMY will be treated as *EUR, and any other value will be treated as *ISO.
*USA The date will be formatted as mm/dd/yyyy.
*EUR The date will be formatted as dd.mm.yyyy.
*ISO The date will be formatted as yyyy-mm-dd.
Time separator (TIMSEP)
Specifies the separator to be used to format the time column.
*SYSVAL The current value of system value TIMFMT will be used.
*BLANK A single blank character will be used.
':' A single colon will be used.
'.' A single period will be used.
' ' A single blank character will be used.
',' A single comma will be used.
Log journal (JOURNAL)
Specifies the name and library of the journal from which audited transactions will be extracted.
Single values:
*SYSTEM Specify *SYSTEM to use the Log journal defined in the Powertech Exit Point Manager System Values.
Qualifier 1: Audit journal:
name Specify the name of the journal from which audited transactions will be extracted.
Qualifier 2: Library:
*LIBL All libraries in the library list for the current thread are searched until the journal is found.
*CURLIB The current library for the thread is searched. If no library is specified as the current library for the thread, the QGPL library is searched.
name Specify the name of the library in which the journal is located.
Simple Command Example
PNSLOGEXT USR(BR549) SRV(*SQL) PERIOD(*THISMONTH)
This command prints a report of all transactions generated by user BR549 that were executed by the SQL server in the current month.
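Additional Command Examples
The following commands are added examples, not taken from the product documentation. They combine only the parameters described above for common review tasks. The library SECLIB, file PNSFTPHIST, and path /home/secaudit are hypothetical names.

```cl
/* Rejected and failed transactions from the seven days before today   */
/* (PERIOD(*PRIORDAY) does not include the current day), omitting user */
/* QTCP, written to a UTF-8 CSV stream file with a heading row and     */
/* ISO dates. The path is a hypothetical location.                     */
PNSLOGEXT NOTUSR(QTCP) ACTION(*REJECT *FAIL) +
          PERIOD(*PRIORDAY) COUNT(7) +
          OUTPUT(*CSV) PATH('/home/secaudit/pns_rejects.csv') +
          CCSID(*UTF8) COLHEADS(*YES) DATFMT(*ISO) TIMSEP(':')

/* Only the Possible Intrusion Attempt messages for the current day,   */
/* printed in detail with the wider transaction data and the           */
/* contributing rule(s), ordered by location and then newest first.    */
PNSLOGEXT INTRUSIONS(*ONLY) PERIOD(*TODAY) +
          OUTPUT(*PRINT) STYLE(*DETAIL) +
          OPTIONS(*SHOWTRAN *SHOWRULE *HIDEZEROSUM) +
          SORT((*LOCATION *ASC) (*DATETIME *DESC))

/* All transactions whose server begins with *FTP from the prior       */
/* month, appended to the first member of a history file. SECLIB and   */
/* PNSFTPHIST are hypothetical; if the file does not exist it is       */
/* created based on the format of PNSATO.                              */
PNSLOGEXT SRV(*FTP*) PERIOD(*PRIORMONTH) COUNT(1) +
          OUTPUT(*OUTFILE) OUTFILE(SECLIB/PNSFTPHIST) +
          OUTMBR(*FIRST *ADD)
```

Because the selection criteria are and-ed together, adding an include parameter such as USR(BR549) to any of these commands narrows the result further rather than widening it.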