We need to map all JOURNAL entries from IBM for i.
The below audit entries are those that are available to be processed by Guardium:
AD - Auditing change
AF - Authority failure
AX - Row and column access control
CA - Authority change
CD - Command string (Note: CD is not included in the default settings of filter_audit_entry_types)
CO - Create object
CP - User Profile changes
DO - Delete object
GR - General purpose audit record
OM - Object moved or renamed
PG - Primary group change
PW - Invalid password or user ID
OW - Change owner
OR - Object restored
RA - Restore authority change
RO - Restore owner change
RZ - Restore primary group change
SV - System value change
ZR - Read object
ZC - Change object
However, JOURNAL entries do not contain all the fields in Appendix F, "Layout of audit journal entries" (page 621), of the IBM i version 7.3 Security Reference book: (https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/rzarl/sc415302.pdf).
For journal entries that identify an object, the following information will be concatenated and returned:
30-byte-description of the operation
So, we need to have all the fields mapped on the agent for audit requirements.