6.5.1. Enabling security auditing manually

If you want to manually enable security auditing instead of using the CHGSECAUD command, complete the following steps.

Create the journal receiver for the security journal. It is recommended that you create a library to contain the journal receiver, and then create the receiver using a 4 digit sequence number in the name. Issue the following commands:
```
CRTLIB LIB(AUDJRN) TEXT(‘AUDIT JOURNALS’)
CRTJRNRCV JRNRCV(AUDJRN/AUDRCV0001)
THRESHOLD(100000) AUT(*EXCLUDE)
TEXT(’Auditing Journal Receiver’)
```
Create the journal QAUDJRN in the system library QSYS and refer to the journal receiver you created above. It is recommended that you allow the system to manage the receivers. Issue the following commands:
```
CRTJRN JRN(QSYS/QAUDJRN) +
JRNRCV(JRNLIB/AUDRCV0001) +
MNGRCV(*SYSTEM)
DLTRCV(*NO) +
AUT(*EXCLUDE)
TEXT(’Auditing Journal’)
```
Warning

The system will not automatically delete security audit journals. You will need to periodically backup and delete old journals.
Change system values to enable security logging. You can now use the Work With System Values (WRKSYSVAL) command to change the QAUDLVL and QAUDLVL2 settings. These settings are used to select the security audit features and begin security logging. Please see the IBM System i Security Guide for a complete description of the audit options.

Prev	Up	Next
6.5. Configuring System i security auditing	Home \| Contents	6.5.2. Enabling user auditing

The syslog-ng 3.0 Administrator Guide

The syslog-ng 3.0 Administrator Guide Document version: Thirteenth Release date: September 23, 2010 Latest version available at the BalaBit Documentation Page
Previous \| Up \| Home \| Contents \| Index \| Glossary \| Next

	Warning
	The system will not automatically delete security audit journals. You will need to periodically backup and delete old journals.