Syslog & SIEM
SYSLOG Server and SIEM and other event log management tools need software running on the IBM iSeries to format the event logs into Common Event Format (CEF) or other custom format variations such as CCEF, NFX, RSA so they can parse IBM logs properly before forwarding. IBM iSeries AS400, Power AIX and Mainframe systems are examples of systems that do not natively support the required Common Event Formats required by HP ArcSight, IBM QRadar, Splunk, McAfee, LogRhythm, Kiwi, Solarwinds, Alert Logic, RSA enVision, netForensics, Novell, SYSLOG NG, Cobrasonic, Secure Analytics and any other event logging and archiving products. The Data Provider event log forwarding software can be configured in under a minute on your IBM iSeries, and supports any SYSLOG Server or SIEM software.
If your company does not already have a SYSLOG Server or SIEM, the Cross-Platform Audit (CPA) can serve as an independent event log management facilty for auditing, reporting, intrusion detection alerts and long-term archiving. This SYSLOG facility allows integration of disparate system event logs by formatting them into a logical and readable format in a SQL database. The CPA can serve as a SYSLOG Server for the following platforms: IBM iSeries (AS400): QAUDJRN, DB2 Database, IBM SQL, Network (Exit Program), System (QHST and Job/Message Queue), Security Policy, IP Packet, Administrator, and Alert IDS events OR IBM Mainframe: SMF Telnet, SMF FTP, SMF VSAM, SMF RACF, TCP/IP FTP, TCP/IP Telnet applications, DB2 SMF, DB2 Data Audit Log, DB2 CICS SQL Data Capture, DB2 Batch SQL Data Capture AS WELL AS other platforms and databases, including: IBM AIX, Windows, Linux, Unix, Oracle, MS SQL, MYSQL, Progress, Sybase, devices and other SYSLOG sources. The CPA also provides many other critical auditing, reporting and alerting functions you will find on other SYSLOG Server and SIEM products.