×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. MIDRANGE-L
  3. May 2026

Open Source OpenTelemetry & LEEF/CEF Log Forwarder for IBM i (QAUDJRN)

Hi everyone,
Like many IBM i shops, we recently had to integrate our partition security
logs (QAUDJRN) with our enterprise security operations center (SOC). We
quickly ran into a common issue: the standard proprietary tools are heavy,
licensing is expensive, and mapping journal entry structures into modern
formats is a constant headache.
To solve this, we built and open-sourced **LegacyTel**—a lightweight,
high-performance log forwarding and normalization agent written in pure Go
(standard-library only, zero external dependencies).
It runs natively inside the PASE environment (or as a centralized gateway
receiving journal streams) and translates IBM i audit events directly into
modern observability formats.
### Key Technical Specs for IBM i:
- **Zero-Dependency Binary:** Tiny binary size (< 10MB) and extremely low
memory footprint (< 25MB RAM). It compiles immediately without needing pip,
npm, or go-mod proxies on your systems.
- **QAUDJRN Native Mapping:** Decodes standard QAUDJRN *TYPE5 journal
receiver formats, automatically mapping entry types:
- PW (invalid logins/resets) -> OTel Authentication logs
- AF (authority failures) -> OTel Privilege access violations
- CP (profile creation/changes) -> OTel Administrative audits
- SV & JS (system values and job session states) -> OTel System logs
- **SIEM-Neutral & Open Standard:** Exports natively in the standard
OpenTelemetry (OTLP/HTTP) format or structured Syslog text formats:
- **LEEF (Log Event Extended Format):** For native IBM QRadar integration.
- **CEF (Common Event Format):** For generic SIEMs (Sentinel, Elastic,
Splunk, ArcSight).
- **Mutual TLS (mTLS):** Supports native standard-library TLS 1.2/1.3 and
mTLS client verification via the IBM i Digital Certificate Manager (DCM)
for zero-trust environments.
- **Embedded Web Console:** Includes a local HTTP/SSE glassmorphic
dashboard (port 8080) for real-time log tailing, filtering, and structured
JSON inspectability.
The code, configuration templates, and a standalone, self-contained IBM i
installation manual are available on GitHub.
We would love for the community to test it out, fork it, and let us know
your feedback!
👉 **GitHub Repository:** https://github.com/spinovation/LegacyTel
👉 **IBM i Standalone Guide:**
https://github.com/spinovation/LegacyTel/blob/main/docs/DEPLOYMENT_AS400.md
Cheers!
Ganapati Sridhar

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.