IBM i (a.k.a. AS/400, iSeries, System i) systems are used by a wide range of corporations that prioritize fault-free operation and high availability. Because of the peculiar nature of the operating system, collecting and forwarding security logs for processing is hindered by a number of difficulties, such as the lack of an open-source, syslog-based logging agent on the market, in contrast to Unix systems. IBM i uses several different methods of collecting and storing security logs, each in a custom format.

IBM I LogAgent, presented by PR-AUDIT, offers an easy-to-use solution for real-time forwarding of IBM i system logs. Furthermore, IBM I LogAgent pre-formats log stacks into the default syslog format (RFC 3164) and ensures secure forwarding of log stacks to a log collector server or to the SIEM solution.

Technical Guide

Automatic Collection and Forwarding of Events Pertaining to System Security

PR-AUDIT’s IBM I LogAgent ensures secure forwarding of log stacks to a log collector server or to the SIEM solution. IBM I LogAgent supports transmission of log stacks via an SSL channel. The product can collect logs from the System i’s security log (QAUDJRN), the system operator message line and the system’s history log (QHST), and can convert logs from IBM’s custom format into syslog (RFC 3164) and Common Event Format (CEF).

High Performance Event Processing

Alliance Log Agent is capable of parsing more than 800 events per second, thus guaranteeing the pre-processing and forwarding of all entries generated even at the highest security logging level of System i.