Quick Links

Sponsored Links

Support Goto400.com

CL Command Reference - CPYAUDJRNE

CL Command List > CPYAUDJRNE Reference

Description:

The Copy Audit Journal Entries (CPYAUDJRNE) command allows you to copy security audit records from the security auditing journal (QAUDJRN) into one or more outfiles. Each audit entry type selected is copied to a separate output file.

To view the audit journal entries copied to the output file, you can use the Run Query (RUNQRY) command to display the records with column headings. The combination of CPYAUDJRNE followed by RUNQRY provides function that is similar to the Display Audit Journal Entries (DSPAUDJRNE) command but with the advantages that:
. All journal entry types are supported.
. All audit journal entry fields are copied and available.

Restrictions:

1. You must have *AUDIT special authority to use this command.

2. You must have *EXECUTE and *ADD authority to the specified library to create a new output file in that library.

3. You must have *OBJOPR *OBJMGT *ADD *DLT authority to add or update a member in an existing output file.


Examples:

Example 1: Copy Authority Failure (AF) Records

CPYAUDJRNE ENTTYP(AF)

This command copies all ¡¯Authority Failure¡¯ audit records in the current journal receiver and puts them in member QAUDITAF in database file QTEMP/QAUDITAF.

The copied audit records can be displayed by a RUNQRY command, such as:

RUNQRY QRY(*NONE) QRYFILE((QTEMP/QAUDITAF))



Example 2: Copy Two Entry Types

CPYAUDJRNE ENTTYP(CO DO) OUTFILE(AUDITLIB/SYSTEM1)

This command copies all ¡¯Create Object¡¯ and ¡¯Delete Object¡¯ audit records in the current journal receiver and puts them in database files AUDITLIB/SYSTEM1CO and AUDITLIB/SYSTEM1DO respectively.

The copied audit records can be displayed by RUNQRY commands, such as:

RUNQRY QRY(*NONE) QRYFILE((AUDITLIB/SYSTEM1CO))
OUTTYPE(*DISPLAY) OUTFORM(*RUNOPT)
RUNQRY QRY(*NONE) QRYFILE((AUDITLIB/SYSTEM1DO))
OUTTYPE(*DISPLAY) OUTFORM(*RUNOPT)



Example 3: Copy All Entry Types

CPYAUDJRNE ENTTYP(*ALL) OUTFILE(SAVEAUDIT/JUNE)
OUTMBR(SMITHJ *REPLACE) USRPRF(SMITHJ)
JRNRCV(*CURCHAIN)
FROMTIME(¡¯06/01/2004¡¯ ¡¯00:00:00¡¯)
TOTIME(¡¯07/01/2004¡¯ ¡¯00:00:00¡¯)

This command copies all audit entries for user profile SMITHJ to a set of database files in library SAVEAUDIT that have names like JUNExx where the xx is the audit record entry type. The search for audit records will be performed for all journal receivers in the current chain of journal receivers. Only audit records that were written between midnight on June 01, 2004 and midnight on July 01, 2004 will be copied.

Note: This command may run for a very long time. The entire chain of journal receivers will be searched repeatedly for each audit record entry type.