Step 5: Activating Real Time Detection
You must activate real-time detection on your system to enable triggering actions and posting events in the Audit history log. It is recommended that you allow IBM i (OS/400) to activate real-time detection automatically at IPL. You can de-activate real-time detection at any time.
To manage real-time detection after installation, select 2. Activation in the Audit main menu (STRAUD > 2). The Activation menu appears.
| AUSETMN Activation iSecurity/Audit System: S520 Activation Manual Activation (Local/Remote) 1. Activate ZAUDIT subsystem 31. Start Real-Time Auditing 2. De-activate ZAUDIT subsystem 32. End Real-Time Auditing 5. Work with Active Jobs 33. Set/Add Start of Auditing STRAUD, 81, 5 to set activities 35. Work with Active Journals For QHST/MsgQ see STRAUD, 14 Auto-Activation at IPL Analyzing QAUDJRN on another system 11. Activate ZAUDIT subsystem at IPL 41. Setup 12. Do Not Activate ZAUDIT sbs at IPL Selection or command ===> F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=AS/400 main menu |
To activate real-time auditing manually:
- Select 31. Start Real-Time Auditing.
- In the Start Real-Time Auditing (STRRTAUD)screen that appears, enter the required starting date and time (and if relevant, enter the required ending date and time), then press Enter.
To end real-time auditing,
- Select 32. End Real-Time Auditing.
- Specify which system to stop auditing.
To set a specific time and date to begin auditing:
- Select 35. Set Start of Auditing Time.
- In the Set Start of Auditing Time (SETRTAUD) screen that appears, enter the required starting date and time, then press Enter.
To enable automatic activation at IPL, select 11. Activate ZAUDIT subsystem at IPL.
To manually activate or add additional message queue detection:
- Select 14. Message Queue (SysCtl) in the Audit main menu
- Select 21. Activate in the Message Queue menu.