Auditing user actions
Internal and external auditors might need to examine the actions that specific users (who are identified by their user IDs) or transactions have performed within an IMS system during a particular time period.
Log Analyzer can generate batch reports that auditors can analyze manually, and it can generate extract and index files that auditors can analyze interactively through the Log Analyzer ISPF interface.
The following example shows control statements for the collection of information for an audit. The auditor wants to see the actions that user ID F014389 performed during the afternoon and evening of January 9, 2007. The auditor prefers to use batch reports (instead of the ISPF interface) to analyze the collected information.
SLDS=(IMS.SYSTEM.SLDS,R81)
FILTER
SEL = USERID = F014389
INTERVAL
START=2007009/1200000
STOP=2007010/0000010
REPORTS
AUDIT=ALL
SUMM=ALL
LDET=ALL
END
The following example shows the Auditing report that was generated by the control statements from the previous example. During the target time range, the user signed off of two terminals.
LOG time span: FROM 2006-257 16:45:00.6 TO 2006-257 17:14:44.3
TYPE TIME TARGET LUOW# Log seq # Additional data
SIGNOFF 20062571704529 F014389 0005424 000000000186A222 term=GHB61910
SIGNOFF 20062571704529 F014389 0005425 000000000186A223 term=GHA10417
The following example shows control statements for the collection of information for an audit. The auditor wants to see the actions that user ID F014389 performed during the afternoon and evening of January 9, 2007. Because the auditor prefers to perform detailed research on the collected information through the ISPF interface, output extract and index files will be created.
SLDS=(IMS.SYSTEM.SLDS,R81)
FILTER
SEL = USERID = F014389
INTERVAL
START=2007009/1200000
STOP=2007010/0000010
REPORTS
AUDIT=ALL
EXTRACT
DSN=BMC.LUI.EXTRACT.JOB0028C
UNIT=SYSDA
STORC=DEVSMS
PRISP=120
SECSP=70
SPU=CYL
INDEXFILE
DSN=BMC.LUI.INDEX.JOB0028C
UNIT=SYSDA
STORC=DEVSMS
PRISP=120
SECSP=70
SPU=CYL
END
The following example shows an audit request that searches for a transaction (TRAN02) instead of a user ID:
SLDS=(IMS.SYSTEM.SLDS,R81)
FILTER
SEL = DEST = TRAN02
INTERVAL
START=2007009/1200000
STOP=2007010/0000010
REPORTS
AUDIT=ALL
SUMM=ALL
LDET=ALL
END
The following example shows a portion of the Auditing report that is generated by the control statements from the previous example:
Auditing report (AUDIT )
LOG time span: FROM 2006-257 16:45:00.6 TO 2006-257 17:14:44.3
TYPE TIME TARGET LUOW# Log seq # Additional data
SIGNON 20062571646394 F474634 0000513 0000000001851EA5 term=GHA33320
COMMAND 20062571648424 0001115 0000000001854F09 STA TRA TRAN02 .
COMMAND 20062571648424 0001119 0000000001854F33 STA TRA TRAN02 .
COMMAND 20062571650167 HQ71C1E4 0001505 0000000001856E6B DIS NOD HQGWYL* .
COMMAND 20062571650224 HQ71C1E4 0001523 0000000001856FA3 DIS NOD HQGWYJ* .
COMMAND 20062571650364 HQ71C1E4 0001573 000000000185733D DIS NOD HQ71C1* .
SIGNON 20062571650396 F474634 0001593 0000000001857469 term=GHA33672
COMMAND 20062571650426 HQ71C1EE 0001610 0000000001857577 DIS NOD HQ71C1* .
COMMAND 20062571650459 HQ71C1E4 0001631 00000000018576C4 DIS NOD HQ84C1* .
SIGNON 20062571652315 F474634 0002156 0000000001859D8B term=GHB14869
SIGNOFF 20062571652412 F474634 0002204 000000000185A107 term=GHB14869
SIGNOFF 20062571653536 F474634 0002405 000000000185B2F2 term=GHA33672
SIGNON 20062571655267 F474634 0002779 000000000185CCC8 term=GHB15364
SIGNOFF 20062571655307 F474634 0002795 000000000185CDD8 term=GHB15364
SIGNOFF 20062571656336 F039025 0003130 000000000185E945 term=GHB47702
SIGNON 20062571656490 F039025 0003185 000000000185ED2C term=GHA33984