× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2024

Re: Talking to a syslog server

I agree it should be simpler.
To be fair, the data and events from the IBM i are more complex than a SAN
is likely to be IMO.
There is a much stronger possibility that filtering or some other mechanism
might be required.
There are also a great many more different types of events to be sent
unless I am missing something.
The volume of events on the i compared to a SAN is much, much greater.
There are third party products that will do this, but arguably that adds
additional expense and complexity.
I've used the Razlee product, it has worked well and as advertised. Fortra
and Precisely also have offerings.

On Thu, Oct 17, 2024 at 6:02 AM Rob Berendt <robertowenberendt@xxxxxxxxx>
wrote:

I just set up our FS7300 SAN to send data to QRadar siem.
Took one command:
mksyslogserver -name qradar01 -ip 10.10.4.192 -facility 7 -login on -audit
on -warning on -info on -error on -protocol udp -port 514

https://www.ibm.com/docs/en/flashsystem-7x00/8.6.x?topic=commands-mksyslogserver
QRadar immediately got a log message that something was added.
Tested an invalid, and a valid, signon and QRadar got those too.

If only IBM i were that easy to configure communication to a syslog
server...

GO CMDSYSLOG
Object CMDSYSLOG in library *LIBL not found.

I do see the following if you want to blunder through this. Granted this
is only done periodically on demand and not as timely as the FS7300
version:
https://www.ibm.com/docs/en/dsm?topic=i-configuring-integrate-qradar
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.