Auditing direct access to SAP tables
We have been tasked with figuring out a way to audit direct updates to SAP tables directly from the i5/OS. This would be direct updates using the SQLUTIL utility or the STRSQL utility or some other utility. We need to find the who, what, where questions of how that object was updated.
In doing some research on this we have found the DSPJRN command will probably give us the information we need, but this probably isn't going to be practical to run monthly or weekly since there are a lot of entries to go through in the DSPJRN command. We are just interested in the entries that come from directly on the OS and not from the SAP system.
Has anyone done this either with the DSPJRN command or another method? Are there third party products for the i5/OS that could catch these actions and report off of them?