zSecure Alert can be used to generate messages in RFC 3164 format, i.e., in syslog structured text format. This is selected with the "QRadar UNIX Syslog" check box, and sends a message with a few of the relevant fields to the recipient (Splunk, or QRadar). The field names can be found in Appendix C of the zSecure Alert User Reference Manual.
zSecure Alert installs its own SMF exits (IEFU83/84/85 or IEFU86).
Enrichment of SMF data, such as finding the profile for data set names, looking up the programmer name field for users, or identifying the APF data sets in the system, is achieved within zSecure Alert. For this purpose zSecure Alert's started task C2POLICE starts a daily collection of CKFREEZE information, running in C2PCOLL.
There is no need for an additional SMF data extractor (CKQEXSMF). This function is only used for CKQRADAR if your installation does not use or want to use SMF log streams.
------------------------------
Rob van Hoboken
------------------------------