Auditing system values: Audit journal error action

Specifies the action for the system to take when audit records cannot be sent to the auditing journal because of errors that occur when the journal entry is sent. (QAUDENDACN)

Audit journal error action, also known as QAUDENDACN, is a member of the auditing category of i5/OS™ system values. You can use this system value to specify the action to take if the system is unable to write audit entries. The system takes the specified action when audit records are not sent to the auditing journal because errors occur when the journal entry is sent. To learn more, keep reading.

Quick reference
Location	In iSeries™ Navigator, select your system, > Configuration and Service > System Values > Auditing System Values > Journaling
Special authority	Audit (*AUDIT) ¹
Default value	Notify, then continue
Changes take effect	Immediately
Lockable	Yes (Click for details)
Note 1: To view this system value, you must have Audit (AUDIT) or All object (ALLOBJ) special authority. To change this system value, you must have Audit (*AUDIT) special authority.

What can I do with this system value?

Use this system value to specify the action to take whenever auditing is active and the system is not able to write entries to the audit journal.

If the security policy for your system requires that no processing occur without auditing, then you must set this value to Shut down the system (*PWRDWNSYS). For most systems, Notify, then continue (*NOTIFY) is the recommended value. This system value applies only to auditing entries sent by the operating system to the security audit journal (QAUDJRN).

Possible values are:

Notify, then continue (*NOTIFY)
A message is sent to the system operator's message queue once per hour until auditing is successfully activated.
Shut down the system (*PWRDWNSYS)
The system ends if the attempt to send the audit data to the security audit journal fails. When the system is powered on again, the system is in the restricted state. The Default auditing for newly created objects (QCRTOBJAUD) system value is set to None to turn auditing off. On the next restart, the user who signs on the system must have at least Audit (*AUDIT) and All Object (*ALLOBJ) special authority.
Not available (*NOTAVL)
This value is displayed if the user does not have authority to view the auditing value. You cannot set the system value to not available (*NOTAVL). This value is only displayed when a user accessing the system value does not have either All object (*ALLOBJ) or Audit (*AUDIT) special authority.

Note: To view this auditing system value, you must have All object (*ALLOBJ) or Audit (*AUDIT) special authority. If you do not have the required authority, the Auditing category is not displayed in iSeries Navigator. In addition, if you access this system value in the character-based interface, the not available (*NOTAVL) value is displayed.

Where can I get more information about auditing system values?

To learn more, go to the auditing system values overview topic. If you are looking for a specific system value or category of system values, try using the i5/OS system value finder.