Syslog and SIEM Event Log Forwarding - CPA


Enforcive's CPA is middleware for integrating IBM i Series and Mainframe with SYSLOG servers and SIEM software such as Kiwi, Envision, Splunk, ArcSight and Syslog-NG. It formats and forwards IBM security, system, DB2 database, exit program and other events to SYSLOG servers and SIEM tools in a format they can read. System i and Mainframe are common examples of platforms whose events SIEM and Syslog servers can't process. Event logs can be scheduled to be forwarded at intervals or in near real time, including over SSL. Enforcive CPA can also store events in its SQL database and serve as an IT audit data warehouse for long-term reporting requirements.

The Syslog service enabled by the Enforcive CPA allows integration of these disparate systems by processing event log events such as QAUDJRN, DB2 Database, IBM SQL, Network (Exit Program), System (QHST and Message Queue), Application, Security Policy, IP Packet, Administrator, and Alert events, and forwarding them in a format a Syslog server can use.

SYSLOG SIEM Log Management Integration for IBM

The Enforcive/Cross-Platform Audit (CPA) Syslog facility is only one of many functions provided by the CPA product. The CPA is designed to collect and manage events from any platform, database, application or device. The summary below explains only the SYSLOG functions within this product.

Although SYSLOG servers and SIEM tools share some characteristics with the CPA, they typically have issues processing System, Database, Security, Application and other event types coming from IBM i Series and Mainframe systems. Additionally, the CPA allows transmissions to be sent via SSL.

If you have a Syslog server or SIEM framework already in place and you just want to include your IBM platform(s), the CPA provides a very simple solution. If your company has not purchased a framework yet and you want your IBM platforms to be included in your log management solution, you should consider using the Enforcive/Cross-Platform Audit product (read more on the benefits of the CPA over SYSLOG and SIEM tools).


The CPA Syslog facility can be used to process and manage any event type from the IBM platform, and it includes two distinct SYSLOG functions, one for importing events and one for exporting them.

Syslog Event Exporting

The SYSLOG export function takes the information-rich system, database, security, application and other platform-relevant events that have been collected by Enforcive CPA agents and agentless collectors for IBM Mainframe, IBM i Series, IBM p Series, SQL Server, Windows, Unix, Linux, and Oracle platforms, and redirects them to an external SYSLOG server or SIEM tool. The only configuration needed is the IP address, port and protocol of the destination. The Syslog export function doesn't require any other setup in the CPA apart from the normal CPA installation.

Syslog Event Importing

The Enforcive CPA Syslog Server can receive, filter and display syslog events in the CPA (Cross Platform Audit) central data repository. Furthermore, it can produce a variety of reports based on those events.

To facilitate the collection of syslog messages, the CPA includes a component called the CPA Syslog Connector. This receives syslog alerts and messages sent to it from any device or software application on your network and places them in the repository.

Once the syslog events have been imported into the CPA, they can be filtered and viewed and even displayed side by side with non-syslog events collected by other Enforcive multi-platform data collection components. Syslog events can be filtered by date, time, IP address and system name.


Copyright © 2012. Midland Information System, Inc. All rights reserved.