An audit log records the use of service functions by service tools users. You can monitor the use of service functions through the dedicated service tools (DST) security log or through the IBM i security audit log. These logs help you trace unusual access patterns or potential security risks. The procedures below describe how to access each log.
To work with the Service Tools security log, complete the following steps:
1) Access service tools using DST on the console. To force a Dedicated Service Tools (DST) sign-on for a partition, use one of the following two methods, depending on how your console is connected.
On an HMC (Version 7 & 8) managed system, do the following:
- Step 1: Open the console session.
Power on and connect the device used as the console, and make sure the console sign-on screen is displayed.
- Step 2: On the HMC, expand Systems Management > Servers. Click the Select column for the target partition.
- Step 3: In the Tasks panel (or Tasks button), expand Serviceability > Control Panel Functions. Click on (21) Activate Dedicated Service Tools.
- Step 4: Click OK when the status window appears.
The partition console session will now have the DST log-in panel.
On a system that does not have an HMC, from the control panel:
- Step 1: Put the system in Manual mode.
- Step 2: Force DST by displaying and selecting option 21.
2) Enter the QSECOFR service tools user ID and password on the DST Sign-On display.
3) Select option 5 (Work with DST environment) from the Use DST menu.
4) From the Work with DST Environment display, select option 6 (Work with Service Tools Security Data).
5) From the Work with Service Tools Security Data menu, select option 3 (Work with service tools security log) and press Enter. The Work with Service Tools Security Log display is shown. This display shows security-related activity by date and time.
6) Optional: Press F6 (Print) to print this log.
7) Optional: Type 5 (Display details) in the Option field of the activity you are interested in. The Display Service Tools Security Log Details display is shown with the information for the activity you selected.
The security audit log can be used to record the service tools actions by individual user IDs.
To enable the security audit log to record service tools actions, complete the following steps for each system on which you want to enable the security audit log:
- From IBM Navigator for i, expand Configuration and Service.
- Click System Values.
- Right-click Auditing and select Properties.
- On the System tab, make sure Active action auditing is checked. Make sure the following items are in the Actions to audit list (there may also be other items):
  - Security tasks.
  - Service tasks.
After the security audit log functions have been enabled, the log information is recorded in the journal receiver. To display the service tools action entries in the current journal receiver, enter the Display Journal (DSPJRN) command on a command line: DSPJRN QSYS/QAUDJRN ENTTYP(ST).
Service tools audit entries include actions such as using the STRSST command and accessing service tools.
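The following CL program is an added example, not part of the original procedure. It checks the auditing system values from a command-line environment and extracts the ST entries into an outfile for field-level review. It assumes that Active action auditing corresponds to *AUDLVL in QAUDCTL and that Security tasks and Service tasks correspond to *SECURITY and *SERVICE in QAUDLVL; the work file QTEMP/STAUDIT is a hypothetical name.

```cl
PGM
  /* Added example. QTEMP/STAUDIT is an assumed work file name.      */

  /* 1. Print the auditing system values for review.                 */
  /*    Expect QAUDCTL to include *AUDLVL and QAUDLVL (or QAUDLVL2   */
  /*    when QAUDLVL contains *AUDLVL2) to include *SECURITY and     */
  /*    *SERVICE.                                                    */
  DSPSYSVAL  SYSVAL(QAUDCTL) OUTPUT(*PRINT)
  DSPSYSVAL  SYSVAL(QAUDLVL) OUTPUT(*PRINT)
  DSPSYSVAL  SYSVAL(QAUDLVL2) OUTPUT(*PRINT)

  /* 2. Copy the IBM-supplied model outfile for ST entries so the    */
  /*    extracted data has named fields instead of one raw string.   */
  CRTDUPOBJ  OBJ(QASYSTJ5) FROMLIB(QSYS) OBJTYPE(*FILE) +
             TOLIB(QTEMP) NEWOBJ(STAUDIT)
  MONMSG     MSGID(CPF2130) /* Already exists from an earlier run    */

  /* 3. Extract every ST (service tools action) entry from all       */
  /*    receivers in the current chain, not only the attached one,   */
  /*    so entries written before the last receiver change are kept. */
  DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHN) JRNCDE((T)) +
             ENTTYP(ST) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) +
             OUTFILE(QTEMP/STAUDIT) OUTMBR(*FIRST *REPLACE)

  /* 4. Print the extracted entries (timestamp, job, user profile    */
  /*    and service tools action fields) for review.                 */
  RUNQRY     QRY(*NONE) QRYFILE((QTEMP/STAUDIT)) OUTTYPE(*PRINTER)
ENDPGM
```

Because QTEMP is cleared when the job ends, direct the outfile to a permanent library with restricted authority if the extract must be retained as evidence.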