Using the history log

Not all of the authority failure and integrity violation messages are found in the QHST log. These messages are listed here.

Some security-related events, such as exceeding the incorrect sign-on attempts specified in the QMAXSIGN system value, cause a message to be sent to the QHST (history) log. Security messages are in the range 2200 to 22FF. They have the prefixes CPI, CPF, CPC, CPD, and CPA.

Beginning with Version 2 Release 3 of the IBM i licensed program, some authority failure and integrity violation messages are no longer sent to the QHST (history) log. All information that was available in the QHST log can be obtained from the security audit journal. Logging information to the audit journal provides better system performance and more complete information about these security-related events than the QHST log. The QHST log should not be considered a complete source of security violations. Use the security audit functions instead.

These messages are no longer written to the QHST log:

CPF2218. These events can be captured in the audit journal by specifying *AUTFAIL for the QAUDLVL system value.
CPF2240. These events can be captured in the audit journal by specifying *AUTFAIL for the QAUDLVL system value.
CPF2220. These events can be captured in the audit journal by specifying *AUTFAIL for the QAUDLVL system value.
CPF4AAE. These events can be captured in the audit journal by specifying *AUTFAIL for the QAUDLVL system value.
CPF2246. These events can be captured in the audit journal by specifying *AUTFAIL for the QAUDLVL system value.