iSeries Syslogging

iSeries System Log
iseries v5r4
We are going through a PCI audit.

It was recommended that we look into iSeries Syslogging.

What is it and how do I do it?

Software/Hardware used:
AS400 V5R4

Answer Wiki


All AS400 journal can be found in qaudrn… I too didn't do iSeries syslogging.

Discuss This Question: 1  Reply

  • TomLiotta
    <Disclaimer: As the main author of PowerTech Interact, I can answer specific technical questions about syslog or syslog-NG, but I need to keep my employer's interests in mind. /Disclaimer>

    "Syslogging" would be the monitoring of events, the formatting of events into a syslog message and the sending of that message to some syslog server. If you google for [ rfc syslog ] or for [ rfc syslog-ng ], you'll find everything you need to know in the first pages of the search results. You might find that this page from the IETF Syslog Working Group provides some useful general background in the left-hand sidebar. Mostly you might find that lots of incompatibilities have existed and that it's only in the past year or so that useful standards have started to be available.

    The PASE for System i and Syslog / Syslogd document is a short discussion from IBM's viewpoint. PASE includes some basic syslog support as mentioned in Debugging your i5/OS PASE programs, though it does take work to make it useful as a general system-level syslog interface.

    An example (in short) of what might be expected -- someone tries to signon to telnet with an incorrect password, a T/PW entry is logged to QAUDJRN, your program is called to format the audit journal entry into a form acceptable to a syslog server, your program sends that formatted message through a socket to the configured syslog server, and some syslog console or other programming acts upon that message according to however you set it up.

    The choice of events to monitor, the techniques you use for monitoring and other elements that lead up to the actual message formatting and sending are all up to you. Basic testing of receipt of a syslog message can be done with the Kiwi Syslog Tools, a very useful freeware set. Those help you know when your messages are making sense to the syslog server.

    Build Vs. Buy is the decision. Pick a specific monitorable event and see what it takes to cause it to make sense in Kiwi (or your choice of Console). Break your solution into modules to see how much can be reused for different events and how much is unique to each event. Include estimates for keeping up with new releases of i5/OS. Check performance hits on the system during heavy loads, etc., to determine what's acceptable.

    Do all the stuff any app needs, but keep in mind that this approaches system-level programming that requires some careful security. Not just security in terms of authority, but also in terms of comfort -- the warm-and-fuzzy "sense of security". Does it keep on running? If it's ended, is it going to lose track of some events? What if TCP/IP itself has troubles? In short, make sure you know the service level objectives and that they can be met.

    Interesting and fun. Not so much fun when something goes wrong and your auditor asks for explanations. Ask technical questions as needed. Good luck.

    Tom
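The flow outlined in the reply above (a T/PW entry is read, formatted into a syslog message, and sent through a socket, without losing track of events across a restart), sketched as an added example that is not part of the thread or of any product named in it. Assumptions: the entry is already available as a dict whose field names are invented here, the message format is RFC 5424 over UDP, and `SYSTEMA`, the `qaudjrn@32473` structured-data ID and all sample values are constructed.

```python
import socket
from datetime import datetime, timezone

FACILITY_AUTHPRIV, SEVERITY_WARNING = 10, 4   # RFC 5424 facility / severity codes

def sd_escape(value):
    """Escape the three characters RFC 5424 requires escaping in a PARAM-VALUE."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def format_tpw(entry, hostname):
    """Format one T/PW entry (dict layout is an assumption) as an RFC 5424 line."""
    pri = FACILITY_AUTHPRIV * 8 + SEVERITY_WARNING
    msgid = f"{entry['journal_code']}-{entry['entry_type']}"   # T-PW
    params = " ".join(f'{key}="{sd_escape(entry[key])}"'
                      for key in ("seq", "user", "job", "remote_addr"))
    # 32473 is the enterprise number reserved for documentation examples.
    sd = f"[qaudjrn@32473 {params}]"
    return (f"<{pri}>1 {entry['time'].isoformat()} {hostname} QAUDJRN - "
            f"{msgid} {sd} Sign-on attempt with incorrect password")

def forward(entries, hostname, server, last_sent_seq=0):
    """Send entries newer than last_sent_seq over UDP and return the new checkpoint.

    Stops at the first socket error, so the caller can persist the returned
    sequence number and resume from it after a restart or a network problem.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for entry in sorted(entries, key=lambda e: e["seq"]):
            if entry["seq"] <= last_sent_seq:
                continue                  # forwarded before the restart
            try:
                sock.sendto(format_tpw(entry, hostname).encode("utf-8"), server)
            except OSError:
                break                     # keep the checkpoint at the last good entry
            last_sent_seq = entry["seq"]
    return last_sent_seq

# Constructed sample entries, not real journal data.
SAMPLE = [
    {"seq": 1041, "journal_code": "T", "entry_type": "PW", "user": "JSMITH",
     "job": "QPADEV0003", "remote_addr": "192.0.2.15",
     "time": datetime(2009, 3, 2, 14, 5, 9, tzinfo=timezone.utc)},
    {"seq": 1042, "journal_code": "T", "entry_type": "PW", "user": 'BAD"]NAME',
     "job": "QPADEV0004", "remote_addr": "192.0.2.16",
     "time": datetime(2009, 3, 2, 14, 5, 30, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    print(format_tpw(SAMPLE[0], "SYSTEMA"))
```

UDP gives no delivery confirmation, so the returned checkpoint only records that the local send succeeded; a syslog server that must not miss entries needs a transport that reports failures.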
