IBM i

 View Only
  • 1.  Log analytics tools on IBM i

    Posted Thu January 13, 2022 10:45 AM
    Hi Team,

    Is there any popular log analytics tools on IBM i which will be used to monitor & manage logs for DB2 & webservices running on IBM i platform.

    Please suggests,

    Thank & Regards
    Anup Panda
    IBM i Consultant

    ------------------------------
    Anup Panda
    ------------------------------


  • 2.  RE: Log analytics tools on IBM i

    Posted Fri January 14, 2022 04:09 AM
    In last weeks Powerwire newsletter Andy Youens spoke about Logrotate, check it out at this link https://powerwire.eu/logrotate-on-ibm-i

    ------------------------------
    Dennis Nel
    ------------------------------



  • 3.  RE: Log analytics tools on IBM i

    Posted Fri January 14, 2022 09:37 AM
    Hi Dennis,

    Thank you for sharing the link. Its  definitely helpful.


    ------------------------------
    Anup Panda
    ------------------------------



  • 4.  RE: Log analytics tools on IBM i

    Posted Mon January 17, 2022 03:57 AM
    Thanks Dennis, you beat me to it!  Hope its useful Anup.

    ------------------------------
    Andy Youens
    IBM Champion & Member of IBM ISV Advisory Council
    ------------------------------



  • 5.  RE: Log analytics tools on IBM i

    Posted Wed January 19, 2022 01:20 AM
    Hi Andy,

    Seems Logrotate is useful for  automatic rotation, compression, removal and mailing of log files.

    Does it capable of producing any analytics ( different reports) of the log file?

    Please let me know.

    Thanks in advance.


    ------------------------------
    Anup Panda
    ------------------------------



  • 6.  RE: Log analytics tools on IBM i

    Posted Wed January 19, 2022 04:08 AM
    Hi Anup

    What reporting are you after?  

    if logrotate doesn't do what you are after, how about opening a feature request on their github repo? https://github.com/logrotate/logrotate 

    All the best!

    ------------------------------
    Andy Youens
    IBM Champion & Member of IBM ISV Advisory Council
    ------------------------------



  • 7.  RE: Log analytics tools on IBM i

    Posted Mon February 21, 2022 04:09 PM
    Hi Mister,

    For reporting, I suggest you query with SQL on QSYS2.DISPLAY_JOURNAL (https://www.ibm.com/docs/en/i/7.2?topic=services-display-journal-table-function). With some python and pandas, you'll be able to get extractions about everything you need (HISTORY LOG - DSPLOG, QAUJRN - AUDIT JOURNAL, JOBLOG).

    In my company, we have succeed to aliment data from DB2 journals to ELK stack (we are writing a post about it), I will post it on the forum when it will be ready 

    Sincerely,

    Andy MALO

    ------------------------------
    Andy Malo
    ------------------------------



  • 8.  RE: Log analytics tools on IBM i

    Posted Thu January 20, 2022 06:09 AM
    Edited by Markus Neuhold Thu January 20, 2022 06:11 AM
    Hi Anup

    For DB2 and general IBM i Logs you best go with enabling system auditing and analyse the journals either directly with JRN-CMDs, the System Navigator or with SQL Services. 

    When it comes to logfiles generated by software implemented in PASE (webservices etc) you may end up with default .log output and you could consider other techniques to analyze them. E.g. using syslog-er and forward the logs to a SIEM server to analyze them then in a SOC system having all the relevant logs for your companies infrastructure.

    For permanent and complete system analyses there are services/products provided by IBM and partners to convert and forward the native IBM i log information in a SIEM readable and RFC conform log format as well. 

    Kind regards 
    Markus

    ------------------------------
    Markus Neuhold
    ------------------------------



  • 9.  RE: Log analytics tools on IBM i

    Posted Wed January 26, 2022 10:53 AM
    Hi Anup;

    For DB2, QAUDJRN, QSYSMSG and QSYSOPR, we have a tool called Powertech SIEM Agent for IBM i.  It converts IBM i events from these sources into Syslog format to be compatible with tools like Splunk, Kafka, QRADAR, Logrythm, etc.  This solution is real time and offers filtering at the source so you don't overwhelm these log tools.

    Notice webservices logs are not in this list.  This logs are stored in the IFS of IBM i.  We can read these logs with our Robot or Halcyon solutions and feed the contents to the SIEM Agent software on IBM i.

    No programming required for this solution as you setup the products through a 5250 interface or GUI.

    Best of luck

    Tom

    ------------------------------
    tom huntington
    ------------------------------