AS/400 System Auditing
While the Webulator/400 configuration and other security precautions can prohibit
the unauthorized access to your AS/400 system and its applications, the AS/400
provides methods that allow you to regularly monitor security activities and
requirements. The following logs and journals present information about system
and object access.
- Monitor QHST History log for security messages
Security violations are logged to the AS/400 History Log (QHST) via CPF messages.
These messages (CPF2200-CPF22FF, CPI2200-CPI22FF, CPC2200-CPC22FF, and
CPD2200-CPD22FF) show security and object violations that have occurred on the
AS/400. By displaying the log for these messages (using the DSPLOG command),
you can monitor invalid signon requests, as well as other attempted security violations.
- Monitor/audit journal QAUDJRN for security related system and object requests
The QAUDJRN journal contains audit trail entries for each of a number of security activities
on the AS/400. These activities include, but are not limited to: authority failures, program
adoptions, authority and object ownership changes, object creations and deletions,
network logons and logoffs, and userid or password failures. The AS/400 Security -
Reference manual provides more information about setting up and using the auditing
These entries can assist you in your steps to ensure that your AS/400 remains secure, whether
it is connected to the Internet or a single 5250 workstation. Additional information about
logging and auditing can be found in the AS/400 Security - Basic manual.