midrange.com code scratchpad
Name:
bad logons from audit log
Scriptlanguage:
Plain Text
Tabwidth:
4
Date:
09/17/2008 01:54:59 pm
IP:
Logged
Description:
Simple command/CLP/QRY

to show bad logon attempts.
You must be auditing *SECURITY events for this to work.
Code:
  1. *************** Beginning of data *************************************
  2.              CMD        PROMPT('show bad logon attempts')              
  3.              PARM       KWD(FDATE) TYPE(*CHAR) LEN(6) MIN(1) +         
  4.                           PROMPT('From Date (MMDDYY)')                 
  5.              PARM       KWD(FTIME) TYPE(*CHAR) LEN(6) MIN(1) +         
  6.                           PROMPT('From Time (HHMMSS)')                 
  7.              PARM       KWD(TDATE) TYPE(*CHAR) LEN(6) PROMPT('To +     
  8.                           Date(MMDDYY) blank = today')                 
  9.              PARM       KWD(TTIME) TYPE(*CHAR) LEN(6) PROMPT('To +     
  10.                           Time(HHMMSS) blank = now')                   
  11.               PARM       KWD(RCDSEL) TYPE(*CHAR) LEN(1) RSTD(*YES) +   
  12.                            DFT(N) VALUES(N Y) PROMPT('Query w/Record + 
  13.                            Selection?')                                
  14. ****************** End of data ****************************************
  15.  
  16. *************** Beginning of data ***********************************
  17.     PGM  (&FDATE &FTIME &TDATE &TTIME &RCDSEL)                       
  18.                                                                      
  19.       DCL &FDATE *CHAR 6                                             
  20.       DCL &FTIME *CHAR 6                                             
  21.       DCL &TDATE *CHAR 6                                             
  22.       DCL &TTIME *CHAR 6                                             
  23.       DCL &RCDSEL *CHAR 1                                            
  24.                                                                      
  25.      MonMsg      CPF0000    *N        GoTo Error                     
  26.                                                                      
  27.              IF         COND(&TDATE = '      ') THEN(RTVSYSVAL +     
  28.                           SYSVAL(QDATE) RTNVAR(&TDATE))              
  29.              IF         COND(&TTIME = '      ') THEN(RTVSYSVAL +     
  30.                          SYSVAL(QTIME) RTNVAR(&TTIME))               
  31.                                                                      
  32.              CHKOBJ     OBJ(QTEMP/QASYPWJ5) OBJTYPE(*FILE)           
  33.              MONMSG     MSGID(CPF9801) EXEC(CRTDUPOBJ OBJ(QASYPWJ5) +
  34.                           FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(QTEMP)) 
  35.              DSPJRN     JRN(QAUDJRN) RCVRNG(*CURCHAIN) +                
  36.                           FROMTIME(&FDATE &FTIME) TOTIME(&TDATE +       
  37.                           &TTIME) JRNCDE((T)) ENTTYP(PW) +              
  38.                           OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) +          
  39.                           OUTFILE(QTEMP/QASYPWJ5)                       
  40.                                                                         
  41.              IF         COND(&RCDSEL = 'N') THEN(RUNQRY +               
  42.                           QRY(BADLOGONS) OUTTYPE(*DISPLAY))             
  43.              ELSE       CMD(RUNQRY QRY(BADLOGONS) OUTTYPE(*DISPLAY) +   
  44.                           RCDSLT(*YES))                                 
  45.                                                                         
  46.      GOTO END                                                           
  47. /*-- Error handling:  -----------------------------------------------*/ 
  48.  Error:                                                                 
  49.      Call        QMHMOVPM    ( '    '                 +                 
  50.                                '*DIAG'                +                 
  51.                                x'00000001'            +                 
  52.                                '*PGMBDY'              +                 
  53.                                x'00000001'            +                 
  54.                                x'0000000800000000'    +                 
  55.                              )                               
  56.                                                              
  57.      Call        QMHRSNEM    ( '    '                 +      
  58.                                x'0000000800000000'    +      
  59.                              )                               
  60.                                                              
  61. END:        DLTF       FILE(QTEMP/QASYPWJ5)                  
  62.             ENDPGM                                           
  63. ****************** End of data ******************************
  64.  
  65. *************** Beginning of data *********************************************
  66. H QM4 05 Q 01 E V W E R 01 03 08/05/29 12:02                                   
  67. V 1001 050 simple query over the QASYPWJ5 QAUDJRN                              
  68. V 5001 004 *HEX                                                                
  69. SELECT                                                                         
  70.   ALL       DIGITS(PWNBR)||'/'||PWUSER||'/'||PWJOB AS JUN, PWPGM, PWRADR,      
  71.             PWTYPE, PWUSRN, PWDEVN, PWTSTP, PWRPORT, PWRLOC, PWLLOC, PWONAM,   
  72.             PWOTYP                                                             
  73.   FROM      QTEMP/QASYPWJ5 T01                                                 
  74. ****************** End of data ************************************************
  75.  
© 2004-2019 by midrange.com generated in 0.006s valid xhtml & css