The amount of information available in the audit journal is impressive, but the AJ also is one of the system's best-kept secrets.
The following is taken from the white paper "Ways to Use the IBM i Audit Journal," available for download free from the MC White Paper Center.
One of my favorite integrated features of IBM i (iSeries) is auditing. The system can be configured to audit security-relevant actions of every profile on the system or just a handful. Or it can be configured to audit the use of objects.
The amount of information available in the audit journal is really quite amazing. Unfortunately, it's one of the system's best-kept secrets! Even when people are aware of the audit journal, they often have no idea of what type of information is available. They assume—incorrectly—that it's strictly information needed by auditors. Unbeknownst to many system administrators is the vast information in the audit journal that they could use on a daily basis. Even more of a mystery is how one "harvests" or retrieves information out of the audit journal in a readable format.
SkyView Audit Journal Reporter is an i5/OS and IBM i product that provides pre-defined audit reports on the security events recorded in the i5/OS audit journal. Simply put, SkyView Audit Journal Reporter (or AJR as it's fondly referred to) was created to "de-mystify" the audit journal and make the information in it easily accessible through its pre-defined reports. As your security and compliance experts, we've examined the audit journal entries, determined what information is needed, and formatted the reports so you don't have to have knowledge of the intricacies of the i5/OS audit journal.
You just have to decide which reports to run and what profiles or objects to run them against. The following are some of the "Ways to Use SkyView Audit Journal Reporter":
- Monitor for invalid sign-on attempts.
- Move to security level 40 (or 50) from level 30.
- Determine who or what process has caused something within the SkyView Partners Policy Minder product to become non-compliant.
- Compare the programs created or re-compiled into a production library with change management tickets.
- Determine who or what process deleted an object.
- List all of the actions taken by a particular user.
- Discover if someone has tried to access critical files (such as files containing private or confidential data) without authority.
- Audit the use of an object by users outside "normal" processes.
- Report on who changes system values.
- Monitor the use of particular commands.
- Find out more details when a user receives a "Not authorized to object xxx…" message.
- Discover if someone is trying to sign on with IBM profiles QSECOFR, QPGMR, QSYSOPR, QUSER, QSRV, or QSRVBAS.
- Find out when the QSECOFR password is changed.
- Monitor the auditing values for critical or sensitive objects.
- Detect when critical job descriptions and subsystem descriptions have been changed.
Want to learn more? For Carol's full comments and a description of each of the above items, download the white paper Ways to Use the IBM i Audit Journal, available for free from the MC White Paper Center.
as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7,
Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.
Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.
MC Press books written by Carol Woodbury available now on the MC Press Bookstore.
 |
||
 |
|
IBM i Security Administration and Compliance: Third Edition Don't miss the newest edition by the industry’s #1 IBM i security expert. List Price $71.95 Now On Sale
|
 |
|
Mastering IBM i Security Get the must-have guide by the industry’s #1 security authority. List Price $49.95 Now On Sale
|
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online