The following describes how you activate the DB audit control file and select the file(s) that you want to journal.
Prerequisites
The person that activates the DBAM function needs to log on as QSECOFR or be granted authority to object CHGJRN. Note: Granting authority to a user needs to be performed in a 5250 session. To grant the authority to a user, run the following command while logged on as QSECOFR:
| GRTOBJAUT OBJ(CHGJRN) OBJTYPE(*ALL) USER(USERID) AUT(*USE) |
Reply list
When you create the DB log file entries, a stop in the operator’s message queue will appear and to which you must reply. To prevent this, it is possible to change or add an entry in the reply list.
- Enter command: WRKRPYLE
- You access the Add/Change Reply List Entry panel.
- Message identifier
- Enter CPA7025.
- Message reply
- Enter I to ignore the message.
File or any members of the file
The file, or any members of the file, that you want to activate may not be locked. Note: No members of the file may be locked while activating DBAM. Use the following command to control the status of the file:
WRKOBJLCK OBJ(NAME) OBJTYPE(*FILE)
Activate DBAM
- Log on to DC1 in the environment and company where you want to activate DBAM.
- Select the Work with DB audit control file menu item.
- You access DB audit control file maintenance. Complete the following field:
- Type of audit
- Valid values are the following. For the purpose of this example, enter 1.
- Select the Work with data base audit management menu item.
- You access DB audit library table maintenance. Click Add.
- On the detail panel, complete the following fields:
- Library
- Enter the name of the library where the file you want to audit is stored.
- Journal
- Enter a name for the journal.
- Receiver 1 and 2
- Enter the names of receiver objects.
- You return to the initial panel where the new library is listed. Highlight the library and click Select.
- You access DB audit files table maintenance, click Add.
- On the detail panel, complete the following fields:
- File
- Enter the name of the file you want to audit.
- Description
- Enter a description.
- Logging
- Set to YES.
- You access DB audit fields table maintenance. When you first access this panel nothing is displayed. Click Select all fields to retrieve all fields in the file. Mark a field(s) if you want to set the logging to NO or give the field an ID sequence number. Click Select.
- On the detail panel, all fields are automatically completed except for the Identity sequence field. This field is used for sequencing the records that you log. The field does not have to be activated for logging even though it is used for sequencing. If you, for example, use the customer number as sequence selector, you do not have to activate that field for logging. At least one field must have a sequence number. Click OK and you will automatically access the next record. When all the selected records have been maintained you will return to the initial DB audit fields table maintenance panel where the sequence numbers are displayed. Caution: If transaction fields are selected for logging the DB audit log file can be extremely large.
- Select the Create DB log file entries menu item.
- On the creation panel, click OK. Note: If you have not made any changes in the Reply List Entry, you might need to reply to a message from the operators queue before the log entries will be created.
| Code | Description |
|---|---|
| 1 | For journalling the files and fields that are activated through DBAM and that routine only. |
| 2 | To activate DBAM for existing journals. |
| 3 | To perform a database audit through triggers instead of using journalling. This is advantageous if you use journalling for other purposes like high availability solutions. |
When the fields have been completed click Create journal/receivers to create the journal (object type JRNRCV) and receivers (object type JRN). Click Back.
Click Maintain fields to select the fields in the file.
When all files and fields have been selected you must activate the log file for entries.