<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Journal and audit packet rules actions" />
<meta name="abstract" content="Packet rules include a journaling feature. Journaling allows you to troubleshoot NAT and filtering problems." />
<meta name="description" content="Packet rules include a journaling feature. Journaling allows you to troubleshoot NAT and filtering problems." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbx2managingrulessd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajbx4-journals_sd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Journal and audit packet rules actions</title>
</head>
<body id="rzajbx4-journals_sd"><a name="rzajbx4-journals_sd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Journal and audit packet rules actions</h1>
<div><p>Packet rules include a journaling feature. Journaling allows
you to troubleshoot NAT and filtering problems.</p>
<div class="section"><p>You can use the journal to create a log of rule actions. This
allows you to debug and spot check your rules. You can also audit the traffic
that flows in and out of your system by reviewing these system logs or journals.</p>
</div>
<div class="section"><p>The journaling feature is used on a per-rule basis. When you create
a NAT or filter rule, you have the following journaling options: full or off.
See the following table for more detail.</p>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="34.87179487179487%" id="d0e24">OPTION</th>
<th valign="top" width="65.12820512820512%" id="d0e26">DEFINITION</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="34.87179487179487%" headers="d0e24 ">FULL</td>
<td valign="top" width="65.12820512820512%" headers="d0e26 ">Every packet that is translated is logged.</td>
</tr>
<tr><td valign="top" width="34.87179487179487%" headers="d0e24 ">OFF</td>
<td valign="top" width="65.12820512820512%" headers="d0e26 ">No journaling occurs.</td>
</tr>
</tbody>
</table>
</div>
<div class="section"><p>If journaling is turned on, a journal entry is generated for each
rule applied to a datagram (NAT or filter). The only rules for which a journal
entry is not created are the default deny rules. They are never journaled
because they are created by the system. </p>
</div>
<div class="section"><p>By using these journals, you create a general file on the iSeries™ server.
You can then use the information recorded in your system's journals to determine
how your system is being used. This can help you decide to change various
aspects of your security plan.</p>
</div>
<div class="section"><p>If you set the journaling feature to OFF, your system will not
create a journal entry for that rule. Although you can choose to do this,
it might not be your best option. If you are not experienced in creating filter
and NAT rules, you might want to use FULL (logging) as necessary. You can
then use the logs as troubleshooting tools. However, be selective in what
you choose to journal. Journaling is a heavy burden on your system's resources.
Try to focus on the rules that control heavy traffic. </p>
</div>
<div class="section"><p>To view these journals, complete the following step:</p>
</div>
<div class="section"> <ol><li>From an iSeries command line,
enter: <span class="cmdname">DSPJRN JRN(QIPNAT)</span> for NAT journals or <span class="cmdname">DSPJRN
JRN(QIPFILTER)</span> for IP filter journals.</li>
</ol>
</div>
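<div class="section"><p>The following CL commands are an added example, not part of the original IBM topic. They limit the journal display to a time window and copy the entries to a database file for later review. The library MYLIB, the file FLTJRN, and the date and time values are placeholders, and the date literals assume a job date format of *MDY.</p>

```cl
/* Added example. MYLIB, FLTJRN and the date/time values are placeholders. */
/* Date literals assume the job date format is *MDY. MYLIB must exist.     */

/* Print one hour of IP filter journal entries to a spooled file.          */
DSPJRN JRN(QIPFILTER) RCVRNG(*CURCHAIN) +
       FROMTIME('06/15/06' '08:00:00') TOTIME('06/15/06' '09:00:00') +
       OUTPUT(*PRINT)

/* Copy the same window to a database file so it can be queried or kept.   */
/* ENTDTALEN(*CALC) sizes the entry-data field to the longest entry found. */
DSPJRN JRN(QIPFILTER) RCVRNG(*CURCHAIN) +
       FROMTIME('06/15/06' '08:00:00') TOTIME('06/15/06' '09:00:00') +
       OUTPUT(*OUTFILE) OUTFILE(MYLIB/FLTJRN) ENTDTALEN(*CALC)

/* The NAT journal accepts the same parameters.                            */
DSPJRN JRN(QIPNAT) RCVRNG(*CURCHAIN) +
       FROMTIME('06/15/06' '08:00:00') TOTIME('06/15/06' '09:00:00') +
       OUTPUT(*PRINT)
```

</div>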
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajbx2managingrulessd.htm" title="To maintain the security of your system and the integrity of your packet rules, periodically perform the management tasks.">Manage packet rules</a></div>
</div>
</div>
</body>
</html>