=====  Extraction Audit QAUDJRN =====

A voir :\\
[[http://www.securemyi.com/nl/articles/Forensic%20Analysis%20QAUDJRN%20-%20Part%202%20User%20activity.html|Référence pour analyse des audits de sécurité]]


=== Pêle Mêle ===

 QAUDLVL avec
	- *CREATE *DELETE (*USRPRF)  >> CdJrn = "DO" (Delete_Objet)
	- *AUTFAIL	(AccErr) 
	- *SECURITY (*SECOFR ChgSysVal) >> CdJrn = "SV"

CHGUSRAUD USRPRF(User-Profile-name) AUDLVL(*CREATE *DELETE *AUTFAIL) >> CdJrn = "DO" 
CHGUSRAUD USRPRF(User-Profile-name) AUDLVL(*SECURITY) >> CdJrn = "SV"

CdJrn "SV" >> Mdl QSYS/QASY_SV_J5 à dupliquer\\
CdJrn "DO" >> Mdl QSYS/QASY_DO_J5 à dupliquer\\
CdJrn "AF" >> Mdl QSYS/QASY_AF_J5 à dupliquer\\

ou CPYAUDJRNE "AF"\\

[[https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzarl/rzarlf06.htm|Description sur QASYAFJ5]]


=== Travaux & Profil en mode "*ALLOBJ" ===

Select job_name, authorization_name\\
 from table(QSYS2.Active_Job_Info()) as T1\\
 join QSYS2.User_Info as T2 using(AUTHORIZATION_NAME)\\
 where SPECIAL_AUTHORITIES LIKE '%ALLOBJ%'\\
 AND NO_PASSWORD_INDICATOR = 'NO'\\