Planning the auditing of actions

The QAUDCTL (audit control) system value, the QAUDLVL (audit level) system value, the QAUDLVL2 (audit level extension) system value, and the AUDLVL (action auditing) parameter in user profiles work together to control action auditing.

The functions of each system value are as follows:
  • The QAUDLVL system value specifies which actions are audited for all users of the system.
  • The QAUDLVL2 system value also specifies which actions are audited for all users of the system, and is used when more than 16 auditing values are needed.
  • The AUDLVL parameter in the user profile determines which actions are audited for a specific user. The values for the AUDLVL parameter apply in addition to the values for the QAUDLVL and QAUDLVL2 system values.
  • The QAUDCTL system value starts and stops action auditing.

The events that you choose to log depends on both your security objectives and your potential exposures. Action auditing describes the possible audit level values and how you can use them. It shows whether they are available as a system value, a user profile parameter, or both.

Parent topic: Planning security auditing
Related reference:
Auditing Level (QAUDLVL)
Auditing Level Extension (QAUDLVL2)
Action auditing