Audit level

The QAUDLVL system value allows you to control which security-related events are logged to the security audit journal (QAUDJRN) for all system users.

Name in the character-based interface: QAUDLVL
Name in the iSeries™ Navigator interface: activate action auditing
Description: The QAUDLVL system value allows you to control which security-related events are logged to the security audit journal (QAUDJRN) for all system users. This system value is controlled by the QAUDCTL system value. For the QAUDLVL system value to take effect, the QAUDCTL system value must include *AUDLVL. You can specify more than one value for the QAUDLVL system value, unless you specify *NONE.
Recommended Values: The recommended values will log the following information on your system:
- *AUTFAIL
  - All access failures (signon, authorization, job submission)
  - Incorrect password or user ID entered from a device
- *PGMFAIL
  - Blocked instruction
  - Validation value failure
  - Domain violation
- *JOBDTA
  - Job start and stop data
  - Hold, release, stop, continue, change, disconnect, end, end abnormal, PSR-attached to prestart job entries

Table 1. Possible Values for the QAUDLVL System Value
Auditing value	Description
*NONE	No events controlled by the QAUDLVL or QAUDLVL2 system values are logged. Events are logged for individual users based on the AUDLVL values of user profiles.
*ATNEVT	Conditions that require further evaluation to determine the condition's security significance are audited.
*AUDLVL2	Both QAUDLVL and QAUDLVL2 system values will be used to determine the security actions to be audited.
*AUTFAIL	Authority failure events are logged.
*CREATE	Object create operations are logged.
*DELETE	Object delete operations are logged.
*JOBDTA	Actions that affect a job are logged.
*NETBAS	Network base functions are audited.
*NETCLU	Cluster and cluster resource group operations are audited.
*NETCMN	Network and communication functions are audited. NETCMN is composed of several values to allow you to better customize your auditing: NETBAS NETCLU NETFAIL *NETSCK
*NETFAIL	Network failures are audited.
*NETSCK	Socket tasks are audited.
*OBJMGT	Object move and rename operations are logged.
*OFCSRV	Changes to the system distribution directory and office mail actions are logged.
*OPTICAL	Use of Optical Volumes is logged.
*PGMADP	Obtaining authority from a program that adopts authority is logged.
*PGMFAIL	System integrity violations are logged.
*PRTDTA	Printing a spooled file, sending output directly to a printer, and sending output to a remote printer are logged.
*SAVRST	Restore operations are logged.
*SECCFG	Security configuration is audited.
*SECDIRSRV	Changes or updates when doing directory service functions are audited.
*SECIPC	Changes to interprocess communications are audited.
*SECNAS	Network authentication service actions are audited.
*SECRUN	Security run time functions are audited.
*SECSCKD	Socket descriptors are audited.
*SECURITY	Security-related functions are logged. SECURITY is composed of several values to allow you to better customize your auditing: SECCFG SECDIRSRV SECIPC SECNAS SECRUN SECSCKD SECVFY *SECVLDL
*SECVFY	Use of verification functions are audited.
*SECVLDL	Changes to validation list objects are audited.
*SERVICE	Using service tools is logged.
*SPLFDTA	Actions performed on spooled files are logged.
*SYSMGT	Use of system management functions is logged.

Note: This system value is a restricted value. For details on how to restrict changes to security system values and a list of the restricted system values, see "Chapter 3: Security System Values" in the iSeries Security Reference.