Analyzing audit journal entries

After you have set up the security auditing function, you can use several different methods to analyze the events that are logged.

  • View selected entries at your workstation using the Display Journal (DSPJRN) command.
  • Copy selected entries to output files using the Copy Audit Journal Entries (CPYAUDJRNE) or DSPJRN command, and then use a query tool or program to analyze the entries.
  • Use the Display Audit Journal Entries (DSPAUDJRNE) command.
    Note: IBM® has stopped providing enhancements for the DSPAUDJRNE command. The command does not support all security audit record types, and the command does not list all the fields for the records it supports.
  • Use the Receive Journal Entry (RCVJRNE) command on the QAUDJRN journal to receive the entries as they are written to the journal.