I'm currently working on a large project involving this, and you probably want to look into SRM - https://mediacenter.ibm.com/media/IBM+i+Syslog+Reporting+Manager+%28SRM%29+Demo/1_4okljp5d

One thing you'll notice is that the messages will need manual rule definitions/translation on the SIEM side. On our side, we've solved this with a tool written in golang that dumps all the data into an ELK stack, and then selectively forwards it to Sentinel/Microsoft Defender.

/y

On 31/08/2023, 21:06, "MIDRANGE-L on behalf of Bryan Dietz" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx on behalf of bdietz400@xxxxxxxxx> wrote:


Have a look at the "syslog" option for the following.
This is how you would most likely provide data to a SIEM server.


https://www.ibm.com/docs/en/i/7.4?topic=services-display-journal-table-function
https://www.ibm.com/docs/en/i/7.4?topic=services-history-log-info-table-function

Bryan
Michael Mayer wrote on 8/31/2023 1:55 PM:
Good afternoon everyone.
I have been tasked with researching how to link up our IBM i's (Power 10's @ V7R4) to a SIEM syslog.

Has anyone done this recently? If so, what was your experience? What software, if any, did you use to implement your process?

You would think with IBM i Reference Pages Blog that I built for the IBM i community that
I would have something like this to look up. I could message the security vendors on the blog
but thought I'd reach out here for input. You guys always have info on just about everything
that is brought to the table.

You can reach me here, via email or even via the blog site.
Thank you everyone.

Respectfully,
Michael Mayer
IBM i on Power System Admin
ERMCO-ECI
2225 Industrial Rd
Dyersburg, Tennessee 38024
Office and OnCall: 731.676.4318
Cell: 518.641.8906
Email: michael.mayer@xxxxxxxxxxxxx
https://www.ermco-eci.com
IBM i Personal Blog: https://ibmireference.blogspot.com
"Success is not final. Failure is not fatal. It is the courage to continue that counts".
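Bryan points at the syslog option of the DISPLAY_JOURNAL and HISTORY_LOG_INFO table functions, and /y notes that the resulting messages still need rule definitions on the SIEM side. The following is an added example, not code from anyone in this thread: it parses RFC 5424 lines of the shape those functions emit in their SYSLOG_EVENT column and applies a small, hypothetical rule table; the sample lines, host name, structured-data keys and rule mappings are all constructed for illustration.

```python
import re
from typing import Optional

# Constructed sample lines in RFC 5424 shape, standing in for what the SYSLOG_EVENT
# column of QSYS2.DISPLAY_JOURNAL / QSYS2.HISTORY_LOG_INFO returns when called with
# GENERATE_SYSLOG => 'RFC5424'. Field contents are illustrative, not captured output.
SAMPLE_EVENTS = [
    "<86>1 2023-08-31T13:55:00Z IBMIHOST QAUDJRN - PW - Password failure for user MMAYER",
    "<84>1 2023-08-31T13:56:10Z IBMIHOST QAUDJRN - AF [ibmi@0 user=\"JSMITH\" obj=\"QSYS/PAYROLL\"] Authority failure",
    "<14>1 2023-08-31T13:57:30Z IBMIHOST QHST - CPF1124 - Job 123456/QUSER/QZDASOINIT started",
]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)
SD_PARAM_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Hypothetical SIEM-side rule table: (APP-NAME, MSGID) -> normalized event category.
# This is the "manual rule definition" step /y refers to; the entries are examples only.
RULES = {
    ("QAUDJRN", "PW"): "authentication_failure",
    ("QAUDJRN", "AF"): "authorization_failure",
}

def parse_rfc5424(line: str) -> Optional[dict]:
    """Split one RFC 5424 line into header fields, structured-data params and free text."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI is facility*8 + severity; facility tops out at 23
        return None
    sd = {} if m.group("sd") == "-" else dict(SD_PARAM_RE.findall(m.group("sd")))
    return {
        "facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
        "host": m.group("host"), "app": m.group("app"), "msgid": m.group("msgid"),
        "sd": sd, "msg": m.group("msg") or "",
    }

def normalize(line: str) -> Optional[dict]:
    """Parse a line and tag it via the rule table, as a SIEM ingest translation would."""
    ev = parse_rfc5424(line)
    if ev is None:
        return None
    ev["category"] = RULES.get((ev["app"], ev["msgid"]), "informational")
    return ev

def normalize_all(lines=SAMPLE_EVENTS) -> list:
    """Normalize a batch, dropping lines that are not well-formed RFC 5424."""
    return [ev for ev in (normalize(l) for l in lines) if ev is not None]
```

Running `normalize_all()` over the samples yields one dict per line with facility/severity decoded from PRI, structured-data parameters as a dict, and the rule-derived category; malformed lines are dropped rather than guessed at.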