AS/400 System Auditing

While the Webulator/400 configuration and other security precautions can prevent unauthorized access to your AS/400 system and its applications, the AS/400 also provides methods that allow you to regularly monitor security activities and requirements. The following logs and journals present information about system and object access.

Monitor QHST History log for security messages
Security violations are logged to the AS/400 History Log (QHST) via CPF messages. These messages (CPF2200-CPF22FF, CPI2200-CPI22FF, CPC2200-CPC22FF, and CPD2200-CPD22FF) show security and object violations that have occurred on the AS/400. By displaying the log for these messages (using the DSPLOG command), you can monitor invalid signon requests, as well as other attempted security violations.
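
An added example, not part of the original page or of Webulator/400: a Python filter for the four message ID ranges above, applied to history log text that has been exported off the system. The one-message-per-line layout and the sample lines are constructed assumptions, not actual DSPLOG output; the point is that the ID suffix is hexadecimal, so a digits-only pattern would miss IDs such as CPF22E2.

```python
import re
from collections import Counter

# Prefixes and the shared hexadecimal range named in the text above.
PREFIXES = ("CPF", "CPI", "CPC", "CPD")
LOW, HIGH = 0x2200, 0x22FF

# A message ID is three letters followed by four hexadecimal digits.
MSGID_RE = re.compile(r"\b([A-Z]{3})([0-9A-F]{4})\b")

def is_security_msgid(msgid):
    """True if msgid falls in CPF/CPI/CPC/CPD 2200-22FF (hex suffix)."""
    m = MSGID_RE.fullmatch(msgid)
    if not m or m.group(1) not in PREFIXES:
        return False
    return LOW <= int(m.group(2), 16) <= HIGH

def security_lines(lines):
    """Yield (msgid, line) for each line carrying an in-range message ID."""
    for line in lines:
        for m in MSGID_RE.finditer(line):
            if is_security_msgid(m.group(0)):
                yield m.group(0), line.rstrip()
                break

def summarize(lines):
    """Count in-range message IDs so repeated failures stand out."""
    return Counter(msgid for msgid, _ in security_lines(lines))

# Constructed sample lines (hypothetical export layout and message text).
SAMPLE = [
    "CPF22E2 sample text: constructed security message for user ALICE",
    "CPF22E2 sample text: constructed security message for user ALICE",
    "CPF1124 sample text: constructed job start message",
    "CPI2201 sample text: constructed informational message",
    "CPF2300 sample text: constructed message outside the range",
    "CPD22FF sample text: constructed diagnostic message",
]

if __name__ == "__main__":
    for msgid, count in summarize(SAMPLE).most_common():
        print(msgid, count)
```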

Monitor/audit journal QAUDJRN for security-related system and object requests
The QAUDJRN journal contains audit trail entries for each of a number of security activities on the AS/400. These activities include, but are not limited to: authority failures, program adoptions, authority and object ownership changes, object creations and deletions, network logons and logoffs, and userid or password failures. The AS/400 Security - Reference manual provides more information about setting up and using the auditing functions.

These entries can help you ensure that your AS/400 remains secure, whether it is connected to the Internet or a single 5250 workstation. Additional information about logging and auditing can be found in the AS/400 Security - Basic manual.