Hi Anup,
For DB2, QAUDJRN, QSYSMSG and QSYSOPR, we have a tool called Powertech SIEM Agent for IBM i. It converts IBM i events from these sources into Syslog format to be compatible with tools like Splunk, Kafka, QRadar, LogRhythm, etc. This solution is real-time and offers filtering at the source so you don't overwhelm these log tools.
Notice webservices logs are not in this list. These logs are stored in the IFS of IBM i. We can read these logs with our Robot or Halcyon solutions and feed the contents to the SIEM Agent software on IBM i.
No programming is required for this solution, as you set up the products through a 5250 interface or GUI.
Best of luck
Tom
------------------------------
tom huntington
------------------------------
Original Message:
Sent: Thu January 20, 2022 06:09 AM
From: Markus Neuhold
Subject: Log analytics tools on IBM i
Hi Anup
For DB2 and general IBM i logs you best go with enabling system auditing and analysing the journals either directly with JRN-CMDs, the System Navigator or with SQL Services.
When it comes to logfiles generated by software implemented in PASE (webservices etc.) you may end up with default .log output and you could consider other techniques to analyze them, e.g. using syslog-er and forwarding the logs to a SIEM server to analyze them then in a SOC system having all the relevant logs for your company's infrastructure.
For permanent and complete system analyses there are services/products provided by IBM and partners to convert and forward the native IBM i log information in a SIEM-readable and RFC-conformant log format as well.
Kind regards
Markus
------------------------------
Markus Neuhold
Original Message:
Sent: Thu January 13, 2022 04:31 AM
From: Anup Panda
Subject: Log analytics tools on IBM i
Hi Team,
Are there any popular log analytics tools on IBM i that can be used to monitor & manage logs for DB2 & webservices running on the IBM i platform?
Please suggest.
Thanks & Regards
Anup Panda
IBM i Consultant
------------------------------
Anup Panda
------------------------------