This chapter contains these topics:
This chapter provides instructions for the most frequent tasks performed with the Database Audit Manager (G946).
From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Audit Manager Workbench
Use the Audit Manager Workbench (P98200) to set up new or change existing audit configurations. Setting up an audit consists of the following tasks:
Adding a data file
Executing the build process
Activating the audit
Know the library that contains the file to audit
Default must be set up using the Audit Configuration Defaults (P98201)
Default must be set up using the Reason Code Maintenance (P98204)
On Audit Manager Workbench (P98200)
Figure 3-1 Audit Manager Workbench screen
Choose Add (F6). The File List (P98200X) screen displays a list of the database files in a selected library. Highlighted files are currently being audited. (Depending on the number of files in the library, the response may take several seconds to display the list of files.)
Type 1 in the O (Option) field to select a file. Choose Enter to display the Audit Definition Parameters (P98202) screen.
Figure 3-2 Audit Definition Parameter screen
Complete the following fields:
File Name
Program Name
Electronic Signature
Trigger Activation Mode
The Field Selection List (P98203) screen displays.
Type 1 in the O (Option) to select the data fields that will be recorded in the audit file for informational purposes only.
Type 2 in the O (Option) field of the data fields that will trigger the audit program when an action on the file occurs.
Note:
Record adds and deletions are always written to the audit log file. Changes to the selected fields will trigger those changes to be recorded to the audit log file. Selecting fields with a 2 slows system performance. Limit the use of 2 to fields that must be audited. At least one field must contain a 2.Choose Enter to accept the entry.
Choose Exit (F3). The Save Changes (P00CFMCHG) screen displays.
Choose Enter to confirm the fields selected. The Audit Manager Workbench (P98200) screen, displays with the status of *Incmplt. This indicates that changes can still be made to the fields selected.
On Audit Manager Workbench (P98200)
Figure 3-5 Audit Manager Workbench screen
Enter 1 in the O (Option) field to select the file you wish to build.
Choose Enter. When the build is complete, the status changes to *Ready. This indicates that fields may not be changed or added without rerunning the build process.
Note:
If the build errors, you will need to edit the setup information.On Audit Manager Workbench (P98200)
Figure 3-6 Audit Manager Workbench screen
From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Audit Manager Workbench
It is possible that a file already defined for audit requires changes. However, different steps may need to be performed based on the status of the audit. Once a file has been set up and is active, fields may no longer be removed from the process.
On Audit Manager Workbench (P98200)
Figure 3-7 Audit Manager Workbench screen
Type 2 in the O (Option) field to select the file to be changed. Choose Enter to display the Change Audit Definition (P98200W) screen.
Figure 3-8 Change Audit Definition Window
Type 1 in the Sel (Selection) field of the line indicating the type of information you need to change. Select any or all of the following:
Audit Definition Parameters (P98202)
Field Selection List (P98203)
Add/Change Reason Codes (P98204)
The selected screen displays.
Overtype the information on the screen with your changes. Some information is protected when the status is *Active and cannot be changed.
Choose Enter.
To add a field to an existing audit file where the status is *Active
On Audit Manager Workbench (P98200)
Figure 3-9 Audit Manager Workbench screen
To remove triggers from a file, type 5 in the O (Option) field to select a file. Choose Enter to remove the triggers.
To make a change to the triggers for a file, type 2 in the in the O (Option) field for the file. Choose Enter to display the Change Audit Definition (P98200W) screen.
Figure 3-10 Change Audit Definition Window
Type a 1 in the Sel (Selection) field for Field Selection List. Choose Enter to display the Field Selection List (P98203) screen.
Do one of the following to select the additional fields required:
Type 1 in the O (Option) field to write the field to the audit file for informational reasons only
Type 2 in the O (Option) field to write a record to the audit file.
Choose Exit (F3) to display the Save Changes screen (P00CFMCHG).
Choose Enter to save the changes and display the Audit Manager Workbench (P98200).
On Audit Manager Workbench, enter 1 in the Option field to build the new file definition.
From a command line, use the IBM command DSPFFD to verify the new fields were added to audit file. The fields will appear at the end of the list.
On Audit Manager Workbench, enter 4 in the Option field to place the triggers back on the selected file.
Note:
Adding additional fields to an audit log file that already contains data means that those newly added fields will contain no data for existing records. Data will only be recorded into those fields after they have been added and the trigger rebuilt and reactivated.From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Audit Manager Workbench
To delete an audit configuration, you must perform the following tasks:
Remove audit triggers from the file
Delete the audit configuration
To remove audit triggers from a file
On Audit Manager Workbench (P98200)
Figure 3-13 Audit Manager Workbench screen
Type a 5 in the O (Option) field to select a file.
Choose Enter to turn off or remove the triggers from the file.
On Audit Manager Workbench (P98200)
Figure 3-14 Audit Manager Workbench screen
In the Option field, type 9 and choose Enter to display the Confirm Delete screen.
From the Confirm Deletion (P00CFMDLT) screen, choose Enter to delete the configuration objects and setup records.
Note:
This process deletes the trigger programs and removes the records from the setup and program SVR files only. It does not delete the audit file or the audit file SVR record. Federal regulations require the records in the audit files are kept.From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Audit Manager Workbench
Before you define new triggers for a file, check the file for pre-existing triggers. If the IBM release is prior to V5R1 and the file has pre-existing triggers, these triggers may be overwritten with the new audit triggers.
To display triggers defined for a file
On Audit Manager Workbench (P98200)
Figure 3-16 Audit Manager Workbench screen
Choose Add (F6) to display the Files List (P98200X) screen.
Enter 7 in the O (Options) field to view attached triggers of the selected file.
Figure 3-18 Database File Triggers Window
On Database File Triggers (P98211W), view the trigger programs defined on the file selected.
From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Reason Code Maintenance
Reason codes are codes that are associated with text. The text describes the type of change made to a data field in a file. When you make a change that triggers an audit process, the reason code in the target file identifies what type of change was made to the data fields in the audited file. Using the Reason Code Maintenance (P98204) screen, you can do the following:
Add reason codes to a new program
Edit reason codes
Search for a reason code
View inactive reason codes
To add reason codes to a new program
On Reason Code Maintenance (P98204)
Figure 3-19 Reason Code Maintenance screen
Page down to the first blank line.
In the O (Option) field, type 2.
Complete the following fields:
Program
User
Reason Description
Choose Enter to complete adding the reason code.
To edit reason codes for a program
On Reason Code Maintenance (P98204)
Figure 3-20 Reason Code Maintenance screen
Type 2 in the O (Option) field of the reason codes you want to edit.
Complete the following field:
Reason Description
Choose Enter to complete the edit.
On Reason Code Maintenance (P98204)
Figure 3-21 Reason Code Maintenance screen
Complete one or both of the following fields at the top of the screen:
Program
User
Choose Enter. The screen displays the reason codes that match the search criteria entered.
On Reason Code Maintenance (P98204)
Figure 3-22 Reason Code Maintenance screen
Type 1 in the O (Option) field for a program.
View the inactive reason codes associated with the program on the Inactive Reason Codes (P98204I) screen.
From Advanced and Technical Operations (G9), choose Security Officer
From Security Officer (G94), choose Database Audit Manager
From Database Audit Manager (G946), choose Audit Configuration Defaults
Configuration defaults are used by the system to create a new audit process.
To change configuration defaults
On Audit Configuration Defaults (P98201)
Figure 3-24 Audit Configuration Defaults screen
In Library Locations, complete the following fields:
Data Files
Audit Files
Trigger Programs
In Output Trigger Source, complete the following fields:
Library
Source File
In Trigger Source Template, complete the following fields:
Library
Source File
Member
Choose Enter.