Display Audit Journal Entries (DSPAUDJRNE)

Where allowed to run: All environments (*ALL)
Threadsafe: No 		Parameters
Examples
Error messages

The Display Audit Journal Entries (DSPAUDJRNE) command allows you to generate security journal audit reports. The reports are based on the audit entry types and the user profile specified on the command. Reports can be limited to specific time frames and detached journal receivers can be searched. The reports are directed to the active display or a spooled file.

The audit entries for which you can run reports is a subset of the audit entries that may be generated. For information on all of the possible audit entries, see Chapter 9 of the Security Reference manual.

Restriction: You must have audit (*AUDIT) special authority to run this command.

Top

Parameters

Keyword Description Choices Notes
ENTTYP Journal entry types Values (up to 30 repetitions): AF, CA, CD, CO, CP, CU, CV, DO, EV, GR, IP, JS, ND, NE, OM, OR, OW, PA, PG, PO, PS, PW, SF, SO, SV, VO, YC, YR, ZC, ZR Optional, Positional 1
USRPRF User profile Name, *ALL Optional, Positional 2
JRNRCV Journal receiver searched Single values: *CURRENT, *CURCHAIN
Other values: Element list		 Optional
Element 1: Starting journal receiver Qualified object name
Qualifier 1: Starting journal receiver Name
Qualifier 2: Library Name, *LIBL, *CURLIB
Element 2: Ending journal receiver Single values: *CURRENT
Other values: Qualified object name
Qualifier 1: Ending journal receiver Name
Qualifier 2: Library Name, *LIBL, *CURLIB
FROMTIME Starting date and time Single values: *FIRST
Other values: Element list		 Optional
Element 1: Starting date Date
Element 2: Starting time Time
TOTIME Ending date and time Single values: *LAST
Other values: Element list		 Optional
Element 1: Ending date Date
Element 2: Ending time Time
OUTPUT Output *PRINT, * Optional
Top

Journal entry types (ENTTYP)

The journal entry types to be included in the report.

You can specify 30 values for this parameter.

AF
Authorization failure entries.
CA
Change authority entries.
CD
Command string entries.
CO
Create object entries.
CP
Change user profile entries.
CU
Cluster management operations.
CV
Connection verification.
DO
Delete object entries.
EV
Environment variable operations.
GR
Generic record.
IP
Interprocess communication
JS
Actions against jobs entries.
ND
Directory search filter violations.
NE
End point filter violations.
OM
Object move or rename.
OR
Object restored entries.
OW
Object ownership changed entries.
PG
Change of an object's primary group.
PO
Printed output entries.
PS
Profile swap.
PW
Invalid password entries.
SF
Action on spooled files entries.
SO
Server security user information actions.
SV
System values changed entries.
VO
Validation list actions.
YC
DLO object changed entries.
YR
DLO object read entries.
ZC
Object changed entries.
ZR
Object read entries.
Top

User profile (USRPRF)

Journal entries created for a user profile's actions are included in the report.

*ALL
The report will include entries for all user profiles.
name
Specify the name of the user profile whose journal entries are to be included in the report.
Top

Journal receiver searched (JRNRCV)

The name of the starting (first) and ending (last) journal receivers whose journal entries are searched.

Note: If the maximum number of receivers (256) in the range is surpassed, an error occurs and no journal entries are converted.

Single values

*CURRENT
Journal entries in the currently attached journal receiver are searched.
*CURCHAIN
Journal entries in the currently attached journal receiver chain are searched. If there is a break in the chain, the receiver range is from the most recent break in the chain through the receiver that is attached when starting to convert journal entries.

Element 1: Starting journal receiver

Qualifier 1: Starting journal receiver

name
The name of the first journal receiver from which entries are searched.

Qualifier 2: Library

*LIBL
The library list is used to locate the journal receiver.
*CURLIB
The current library for the job is used to locate the journal receiver. If no library is specified as the current library for the job, QGPL is used.
name
Specify the name of the library where the journal receiver is located.

Element 2: Ending journal receiver

Single values

*CURRENT
The journal receiver that is currently attached is used as the ending journal receiver.

Qualifier 1: Ending journal receiver

name
Specify the name of the last journal receiver from which entries are searched.

Qualifier 2: Library

*LIBL
The library list is used to locate the journal receiver.
*CURLIB
The current library for the job is used to locate the journal receiver. If no library is specified as the current library for the job, QGPL is used.
name
Specify the name of the library where the journal receiver is located.
Top

Starting date and time (FROMTIME)

The date and time of the first journal entry to be searched.

Single values

*FIRST
Specifies that the search is to begin with the first record in the journal receiver.

Element 1: Starting date

date
The starting date. The starting date and time of the first journal entry occurring at or after the specified starting date and time becomes the starting point for the range of entries to be searched.

Element 2: Starting time

time
The starting time. The starting date and time of the first journal entry occurring at or after the specified starting date and time becomes the starting point for the range of entries to be searched.

The time can be specified with or without a time separator:

  • Without a time separator, specify a string of 4 or 6 digits (hhmm or hhmmss) where hh = hours, mm = minutes, and ss = seconds.
  • With a time separator, specify a string of 5 or 8 digits where the time separator specified for your job is used to separate the hours, minutes, and seconds. If you enter this command from the command line, the string must be enclosed in apostrophes. If a time separator other than the separator specified for your job is used, this command will fail.
Top

Ending date and time (TOTIME)

The creation date and time of the last journal entry to be searched.

Single values

*LAST
Specifies that the search is to end with the last record in the journal receiver.

Element 1: Ending date

date
The ending date. The ending date and time of the first journal entry occurring at or before the specified ending time on the specified ending date becomes the ending point for the range of entries to be searched.

Element 2: Ending time

time
The ending time. The ending date and time of the first journal entry occurring at or before the specified ending time on the specified ending date becomes the ending point for the range of entries to be searched.

The time can be specified with or without a time separator:

  • Without a time separator, specify a string of 4 or 6 digits (hhmm or hhmmss) where hh = hours, mm = minutes, and ss = seconds.
  • With a time separator, specify a string of 5 or 8 digits where the time separator specified for your job is used to separate the hours, minutes, and seconds. If you enter this command from the command line, the string must be enclosed in apostrophes. If a time separator other than the separator specified for your job is used, this command will fail.
Top

Output (OUTPUT)

Specifies whether the output from the command is displayed at the requesting work station or printed with the job's spooled output.

*PRINT
The output is printed with the job's spooled output.
*
The output is shown (if requested by an interactive job) or printed with the job's spooled output (if requested by a batch job).
Top

Examples 

DSPAUDJRNE   ENTTYP(AF)  OUTPUT(*)

This command displays all 'Authority Failure' audit records in the current journal receiver.

Top

Error messages

*ESCAPE Messages

CPFB304
User does not have required special authorities.
Top