000011542 - AS400 Event filtering and selection

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000011542
Issue

How can I filter out iSeries (AS400) logs so that they don't send the entire transaction journal to the collector?

Resolution

Original command, with no entry-type filter (all entries with journal code T are collected):

DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) +
                          FROMTIME(&DATEVAR &TIMEVAR) JRNCDE((T)) +
                          OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) +
                          OUTFILE(AUDITLIB/AUDITDTA) ENTDTALEN(*CALC)

Modified to collect only 3 record (entry) types, using the ENTTYP parameter:

DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) +
                          FROMTIME(&DATEVAR &TIMEVAR) +
                          JRNCDE((T)) +
                          ENTTYP(JS AF AU) OUTPUT(*OUTFILE) +
                          OUTFILFMT(*TYPE5) OUTFILE(AUDITLIB/AUDITDTA) +
                          ENTDTALEN(*CALC)
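
A check to run after the filtered DSPJRN completes, confirming that only the intended entries reached the outfile before it is sent to the collector. This query is an added example, not part of the original RSA article; it assumes SQL access to the outfile and the IBM-supplied *TYPE5 outfile column names JOCODE, JOENTT and JOTSTP.

```sql
-- Added example: verify the DSPJRN ENTTYP filter against the outfile.
-- Assumes SQL naming (LIBRARY.FILE); with system naming use AUDITLIB/AUDITDTA.
-- JOCODE = journal code, JOENTT = entry type, JOTSTP = entry timestamp
-- (columns of the *TYPE5 outfile layout requested by OUTFILFMT(*TYPE5)).
SELECT JOCODE,
       JOENTT,
       COUNT(*)    AS ENTRIES,
       MIN(JOTSTP) AS FIRST_ENTRY,   -- should not precede FROMTIME
       MAX(JOTSTP) AS LAST_ENTRY,
       CASE WHEN JOCODE = 'T' AND JOENTT IN ('JS', 'AF', 'AU')
            THEN 'expected'
            ELSE 'UNEXPECTED'        -- filter missing or command not updated
       END         AS FILTER_CHECK
  FROM AUDITLIB.AUDITDTA
 GROUP BY JOCODE, JOENTT
 ORDER BY ENTRIES DESC;
```

Any row marked UNEXPECTED means the outfile still contains entries outside the three selected types. Entry types not listed in ENTTYP are no longer written to the outfile, so they will not appear here or at the collector.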

 

 

A list of all journal codes can be found in the iSeries device configuration guide, which can be downloaded from RSA SecurCare Online:


https://knowledge.rsasecurity.com/scolcms/set.aspx?id=182



Legacy Article ID: a49342
