In iSeries, as far as I know, most Audit Trail was created based on trigger. In case that trigger implementation is forbidden or limited only to certain condition, then journal is the best option to produce Audit Trail.
In order to obtain the best performance in term of as small as possible number of I/O (read), consider the following steps when coding a program for Audit Trail:
1. List down all objects that need an Audit Trail.
2. Get journal information for all objects in the list.
3. Sort the list based on journal.
4. Define selection criteria for all object on the same journal.
5. Read all of journal using QjoRetrieveJournalEntries with selection criteria on step 4 and produce Audit Trail.
6. Repeat the process in regular time (let say every 10 minutes).
In case where step 3 is omitted, it can potentially caused massive I/O (read) that can be degrade performance the entire system.
Be aware on step 4, last journal sequence should be used to make sure only new journal entry being read in the next process.
If journal entry is set to capture both before and after image, then Audit Trail program has capabilities to present old and new field changes, otherwise only last value that can be presented.
I define the code with two tier program, one job for tier one and five jobs for tier two. Tier two read from the same data queue that coming from tier one.
Tier one having parameter option to refresh or reload the input data (perform step 1 until 3) and send data queue as an input for tier two to work. Before repeat (step 6) the process, tier one should have sleep at least 10 milliseconds (for near real time Audit Trail) to allow CPU take some rest, while 10 minutes is enough for regular Audit Trail. Tier one should be re-run with refresh or reload in case there are changes on object list (add new object or remove the old one) or there are journal changes to object that list on the object list.
Tier two perform data queue receive then perform step 4 and 5 only.
Reading journal on step 5 with known previous last journal sequence could be done with format 'RJNE0200' and variables 1,2,6,8 and 16, while for first time, without previous last journal sequence, I prefer to use variables 1,3,6,8 and 16.