This live hands-on workshop provides the student with an understanding of the IBM i Security Audit Journal (QAUDJRN) along with a comprehensive view of the auditing facilities available on the system. Students will learn how to configure the system auditing facilities to audit the activity of Users, access to sensitive Objects and Security related events, like authority failures and invalid logon attempts. In addition to learning how to audit these various activities, students will learn how to properly extract meaningful information from the QAUDJRN Security Audit journal to perform forensic analysis of audited events. This workshop also provides the information needed to create and maintain the QAUDJRN Security Audit journal and associated journal receivers.
Before taking this course, you should have basic knowledge of IBM i (iSeries, AS/400) Security Concepts.
2 Days/Lecture & Lab
This course is designed for those wanting to gain an understanding of the IBM i Security Audit Journal (QAUDJRN) and the auditing facilities available on the system.
Introduction to QAUDJRN and Auditing
- Maintaining QAUDJRN
- Major Configuration Options for Auditing
- Configuring Auditing of Security Events
- Configuring User Auditing
- Configuring Object Auditing
- Extracting Information from QAUDJRN
- Reporting Extraction Results
- Forensic Analysis Scenarios/Examples