3 Tasks

This chapter contains these topics:

3.1 Setting Up an Audit Process

This chapter provides instructions for the most frequent tasks performed with the Database Audit Manager (G946).

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Audit Manager Workbench

Use the Audit Manager Workbench (P98200) to set up new or change existing audit configurations. Setting up an audit consists of the following tasks:

  • Adding a data file

  • Executing the build process

  • Activating the audit

3.1.1 Before You Begin

  • Know the library that contains the file to audit

  • Defaults must be set up using Audit Configuration Defaults (P98201)

  • Defaults must be set up using Reason Code Maintenance (P98204)

To add a data file

On Audit Manager Workbench (P98200)

Figure 3-1 Audit Manager Workbench screen


  1. Choose Add (F6). The File List (P98200X) screen displays a list of the database files in a selected library. Highlighted files are currently being audited. (Depending on the number of files in the library, the response may take several seconds to display the list of files.)

  2. Type 1 in the O (Option) field to select a file. Choose Enter to display the Audit Definition Parameters (P98202) screen.

    Figure 3-2 Audit Definition Parameter screen


  3. Complete the following fields:

    • File Name

    • Program Name

    • Electronic Signature

    • Trigger Activation Mode

    Note:

    If you select the trigger activation mode B, for Batch, you can use Sleeper to schedule field selection changes without interrupting users.

  4. The Field Selection List (P98203) screen displays.

    Figure 3-3 Field Selection List screen


  5. Type 1 in the O (Option) field to select the data fields that will be recorded in the audit file for informational purposes only.

  6. Type 2 in the O (Option) field of the data fields that will trigger the audit program when an action on the file occurs.

    Note:

    Record adds and deletions are always written to the audit log file. Changes to the selected fields will trigger those changes to be recorded to the audit log file. Selecting fields with a 2 slows system performance. Limit the use of 2 to fields that must be audited. At least one field must contain a 2.

  7. Choose Enter to accept the entry.

  8. Choose Exit (F3). The Save Changes (P00CFMCHG) screen displays.

    Figure 3-4 Save Changes Window


  9. Choose Enter to confirm the fields selected. The Audit Manager Workbench (P98200) screen displays with the status of *Incmplt. This indicates that changes can still be made to the fields selected.
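The selection rules from steps 5 and 6 and the note in step 6, modeled as an added example (not Oracle code and not part of the product). The field names and records are constructed samples, and the model assumes that a change touching only option 1 or unselected fields writes no audit record, which is how the steps above read.

```python
# Added illustration: a model of the documented field-selection rules,
# not JD Edwards code. Field names and record values are constructed samples.

INFO, TRIGGER = "1", "2"  # values typed in the O (Option) field


def validate_selection(selection):
    """Return a list of problems with a field selection (empty list = OK)."""
    problems = []
    bad = [f for f, opt in selection.items() if opt not in (INFO, TRIGGER)]
    if bad:
        problems.append(f"unknown option value on: {sorted(bad)}")
    if TRIGGER not in selection.values():
        problems.append("at least one field must contain a 2")
    return problems


def audit_decision(selection, action, before=None, after=None):
    """Return (record_written, fields_captured) for one action on the file.

    action is "add", "delete" or "change". Assumption: a change is logged
    only when a field selected with 2 differs between before and after.
    """
    captured = sorted(selection)  # every field selected with 1 or 2
    if action in ("add", "delete"):
        return True, captured  # adds and deletions are always written
    if action != "change":
        raise ValueError(f"unsupported action: {action}")
    changed = {f for f in set(before) | set(after)
               if before.get(f) != after.get(f)}
    hit = any(selection.get(f) == TRIGGER for f in changed)
    return hit, (captured if hit else [])


def uncovered_fields(selection, all_fields):
    """Fields whose change, on its own, never produces an audit record."""
    return sorted(f for f in all_fields if selection.get(f) != TRIGGER)


# Constructed sample: three fields in the file, two of them selected.
ALL_FIELDS = ["CUSTOMER_NAME", "CREDIT_LIMIT", "PHONE"]
SAMPLE_SELECTION = {"CREDIT_LIMIT": TRIGGER, "CUSTOMER_NAME": INFO}

if __name__ == "__main__":
    print(validate_selection(SAMPLE_SELECTION))
    print(uncovered_fields(SAMPLE_SELECTION, ALL_FIELDS))
```

Running uncovered_fields against a planned selection before the build shows which fields can change without leaving an audit record, which is the trade-off against the performance cost of option 2.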

To build the audit

On Audit Manager Workbench (P98200)

Figure 3-5 Audit Manager Workbench screen


  1. Enter 1 in the O (Option) field to select the file you wish to build.

  2. Choose Enter. When the build is complete, the status changes to *Ready. This indicates that fields may not be changed or added without rerunning the build process.

Note:

If the build ends in error, you will need to edit the setup information.

3.1.2 Place the triggers on the file

On Audit Manager Workbench (P98200)

Figure 3-6 Audit Manager Workbench screen


  1. To start the audit process, type 4 in the O (Option) field to select the file.

  2. Choose Enter. The status of the file becomes *Active.

Note:

Adding the trigger to the file requires an exclusive file allocation, so no users may be accessing the file when triggers are activated. Use Sleeper to schedule activation at a time when the file will be available.

3.2 Editing an Audit File

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Audit Manager Workbench

It is possible that a file already defined for audit requires changes. However, different steps may need to be performed based on the status of the audit. Once a file has been set up and is active, fields may no longer be removed from the process.

To change audit file setup

On Audit Manager Workbench (P98200)

Figure 3-7 Audit Manager Workbench screen


  1. Type 2 in the O (Option) field to select the file to be changed. Choose Enter to display the Change Audit Definition (P98200W) screen.

    Figure 3-8 Change Audit Definition Window


  2. Type 1 in the Sel (Selection) field of the line indicating the type of information you need to change. Select any or all of the following:

    • Audit Definition Parameters (P98202)

    • Field Selection List (P98203)

    • Add/Change Reason Codes (P98204)

    The selected screen displays.

  3. Overtype the information on the screen with your changes. Some information is protected when the status is *Active and cannot be changed.

  4. Choose Enter.

To add a field to an existing audit file where the status is *Active

On Audit Manager Workbench (P98200)

Figure 3-9 Audit Manager Workbench screen


  1. To remove triggers from a file, type 5 in the O (Option) field to select a file. Choose Enter to remove the triggers.

  2. To make a change to the triggers for a file, type 2 in the O (Option) field for the file. Choose Enter to display the Change Audit Definition (P98200W) screen.

    Figure 3-10 Change Audit Definition Window


  3. Type a 1 in the Sel (Selection) field for Field Selection List. Choose Enter to display the Field Selection List (P98203) screen.

    Figure 3-11 Field Selection List screen


  4. Do one of the following to select the additional fields required:

    • Type 1 in the O (Option) field to write the field to the audit file for informational reasons only

    • Type 2 in the O (Option) field to write a record to the audit file.

  5. Choose Exit (F3) to display the Save Changes screen (P00CFMCHG).

    Figure 3-12 Save Changes Window


  6. Choose Enter to save the changes and display the Audit Manager Workbench (P98200).

  7. On Audit Manager Workbench, enter 1 in the Option field to build the new file definition.

  8. From a command line, use the IBM command DSPFFD to verify that the new fields were added to the audit file. The fields will appear at the end of the list.

  9. On Audit Manager Workbench, enter 4 in the Option field to place the triggers back on the selected file.

Note:

Adding additional fields to an audit log file that already contains data means that those newly added fields will contain no data for existing records. Data will only be recorded into those fields after they have been added and the trigger rebuilt and reactivated.

3.3 Deleting an Audit Process from a File

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Audit Manager Workbench

To delete an audit configuration, you must perform the following tasks:

  • Remove audit triggers from the file

  • Delete the audit configuration

To remove audit triggers from a file

On Audit Manager Workbench (P98200)

Figure 3-13 Audit Manager Workbench screen


  1. Type a 5 in the O (Option) field to select a file.

  2. Choose Enter to turn off or remove the triggers from the file.

To delete a trigger program

On Audit Manager Workbench (P98200)

Figure 3-14 Audit Manager Workbench screen


  1. In the Option field, type 9 and choose Enter to display the Confirm Delete screen.

    Figure 3-15 Confirm Deletion Window


  2. From the Confirm Deletion (P00CFMDLT) screen, choose Enter to delete the configuration objects and setup records.

Note:

This process deletes the trigger programs and removes the records from the setup and program SVR files only. It does not delete the audit file or the audit file SVR record. Federal regulations require that the records in the audit files be kept.

3.4 Displaying Triggers for a File

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Audit Manager Workbench

Before you define new triggers for a file, check the file for pre-existing triggers. If the IBM release is prior to V5R1 and the file has pre-existing triggers, these triggers may be overwritten with the new audit triggers.

To display triggers defined for a file

On Audit Manager Workbench (P98200)

Figure 3-16 Audit Manager Workbench screen


  1. Choose Add (F6) to display the Files List (P98200X) screen.

  2. Enter 7 in the O (Options) field to view attached triggers of the selected file.

    Figure 3-18 Database File Triggers Window


  3. On Database File Triggers (P98211W), view the trigger programs defined on the file selected.

3.5 Maintaining Reason Codes

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Reason Code Maintenance

Reason codes are codes that are associated with text. The text describes the type of change made to a data field in a file. When you make a change that triggers an audit process, the reason code in the target file identifies what type of change was made to the data fields in the audited file. Using the Reason Code Maintenance (P98204) screen, you can do the following:

  • Add reason codes to a new program

  • Edit reason codes

  • Search for a reason code

  • View inactive reason codes

To add reason codes to a new program

On Reason Code Maintenance (P98204)

Figure 3-19 Reason Code Maintenance screen


  1. Page down to the first blank line.

  2. In the O (Option) field, type 2.

  3. Complete the following fields:

    • Program

    • User

    • Reason Description

  4. Choose Enter to complete adding the reason code.

To edit reason codes for a program

On Reason Code Maintenance (P98204)

Figure 3-20 Reason Code Maintenance screen


  1. Type 2 in the O (Option) field of the reason codes you want to edit.

  2. Complete the following field:

    • Reason Description

  3. Choose Enter to complete the edit.

To search for reason codes

On Reason Code Maintenance (P98204)

Figure 3-21 Reason Code Maintenance screen


  1. Complete one or both of the following fields at the top of the screen:

    • Program

    • User

  2. Choose Enter. The screen displays the reason codes that match the search criteria entered.

To view inactive reason codes

On Reason Code Maintenance (P98204)

Figure 3-22 Reason Code Maintenance screen


  1. Type 1 in the O (Option) field for a program.

    Figure 3-23 Inactive Reason Code screen


  2. View the inactive reason codes associated with the program on the Inactive Reason Codes (P98204I) screen.

3.6 Changing Configuration Defaults

Navigation

From Advanced and Technical Operations (G9), choose Security Officer

From Security Officer (G94), choose Database Audit Manager

From Database Audit Manager (G946), choose Audit Configuration Defaults

Configuration defaults are used by the system to create a new audit process.

To change configuration defaults

On Audit Configuration Defaults (P98201)

Figure 3-24 Audit Configuration Defaults screen


  1. In Library Locations, complete the following fields:

    • Data Files

    • Audit Files

    • Trigger Programs

  2. In Output Trigger Source, complete the following fields:

    • Library

    • Source File

  3. In Trigger Source Template, complete the following fields:

    • Library

    • Source File

    • Member

  4. Choose Enter.