ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqaudlvl2.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Audit level extension" />
<meta name="abstract" content="The QAUDLVL2 system value is required when more than sixteen auditing values are needed." />
<meta name="description" content="The QAUDLVL2 system value is required when more than sixteen auditing values are needed." />
<meta name="DC.Relation" scheme="URI" content="rzamvauditsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qaudlvl2" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Audit level extension</title>
</head>
<body id="qaudlvl2"><a name="qaudlvl2"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Audit level extension</h1>
<div><p>The QAUDLVL2 system value is required when more than sixteen auditing
values are needed.</p>
<ul><li>Name in the character-based interface: <span class="uicontrol">QAUDLVL2</span>.</li>
<li>Name in the iSeries™ Navigator
interface: <span class="uicontrol">activate action auditing</span>.</li>
<li><span class="uicontrol">Description:</span> Specifying *AUDLVL2 as one of the
values in the QAUDLVL system value will cause the system to also look for
auditing values in the QAUDLVL2 system value. You can specify more than one
value for the QAUDLVL2 system value, unless you specify *NONE.  For the QAUDLVL2
system value to take effect, the QAUDCTL system value must include *AUDLVL
and the QAUDLVL system value must include *AUDLVL2.</li>
</ul>

<div class="tablenoborder"><a name="qaudlvl2__taudlvl2"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qaudlvl2__taudlvl2" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Possible Values for
the QAUDLVL2 System Value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" width="25.125628140703515%" id="d0e38">Auditing value</th>
<th valign="bottom" width="74.87437185929649%" id="d0e40">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="25.125628140703515%" headers="d0e38 "><u>*NONE</u></td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">No auditing values are contained in this system value.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 "><span>*ATNEVT</span></td>
<td valign="top" width="74.87437185929649%" headers="d0e40 "><span>Conditions that require further evaluation
to determine the condition’s security significance are audited.</span></td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*AUTFAIL</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Authority failure events are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*CREATE</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Object create operations are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*DELETE</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Object delete operations are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*JOBDTA</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Actions that affect a job are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*NETBAS</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Network base functions are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*NETCLU</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Cluster and cluster resource group operations are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*NETCMN</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Network and communication functions are audited. <div class="p">*NETCMN
is composed of several values to allow you to better customize your auditing: <p>*NETBAS<br />
*NETCLU<br />
*NETFAIL<br />
*NETSCK</p>
</div>
</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*NETFAIL</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Network failures are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*NETSCK</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Socket tasks are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*OBJMGT</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Object move and rename operations are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*OFCSRV</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Changes to the system distribution directory and office
mail actions are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*OPTICAL</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Use of Optical Volumes is logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*PGMADP</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Obtaining authority from a program that adopts authority
is logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*PGMFAIL</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">System integrity violations are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*PRTDTA</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Printing a spooled file, sending output directly to
a printer, and sending output to a remote printer are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SAVRST</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Restore operations are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECCFG</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Security configuration is audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECDIRSRV</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Changes or updates when doing directory service functions
are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECIPC</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Changes to interprocess communications are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECNAS</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Network authentication service actions are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECRUN</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Security run time functions are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECSCKD</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Socket descriptors are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECURITY</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Security-related functions are logged. <div class="p">*SECURITY
is composed of several values to allow you to better customize your auditing: <p>*SECCFG<br />
*SECDIRSRV<br />
*SECIPC<br />
*SECNAS<br />
*SECRUN<br />
*SECSCKD<br />
*SECVFY<br />
*SECVLDL</p>
 </div>
</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECVFY</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Use of verification functions are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SECVLDL</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Changes to validation list objects are audited.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SERVICE</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Using service tools is logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SPLFDTA</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Actions performed on spooled files are logged.</td>
</tr>
<tr><td valign="top" width="25.125628140703515%" headers="d0e38 ">*SYSMGT</td>
<td valign="top" width="74.87437185929649%" headers="d0e40 ">Use of system management functions is logged.</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> This system value is a restricted value. For details on how to restrict
changes to security system values and a list of the restricted system values,
see <span class="q">"Chapter 3: Security System Values"</span> in the <cite>iSeries Security
Reference</cite>.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvauditsysval.htm" title="This topic describes the auditing system values in detail.">Audit system values</a></div>
</div>
</div>
</body>
</html>