IBM
IBM normalizes IBM events and enables you to analyze the data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.
Package Details
The application consists of the following components:
- Dashboard Packages
  - LP_iSeries
  - LP_IBM IMM
  - LP_ZOS
- Normalization Packages
  - LP_IBM IMM Generic
  - LP_IBM iSeries
  - LP_IBM IMM
  - LP_IBM Z/OS Process
  - LP_IBM Z/OS
  - LP_IBM Mainframe
  - LP_IBM AS 400
- Compiled Normalizers
  - IBMAS400CompiledNormalizer
  - IBMDominoCompiledNormalizer
  - IBMInformixNormalizer
  - IBMMainframeCompiledNormalizer
  - LotusServerCompiledNormalizer
Enhancement
A minor update has been made to the application’s normalizer for better signature handling.
Installation
Follow these steps to install the IBM v5.0.1 application:
- Download the IBM package from the Download section above.
- Add IBM as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Supported Devices
The supported devices of IBM with LogPoint in this configuration are:
- IBM iSeries
- IBM Z/OS Communications Server v2.01
- IBM Integrated Management Module (IMM) firmware version: 4.31
Log Samples
IBM iSeries
Expected Log Format
CEF
Log Sample
<162>Mai 11 17:52:26 AS400 CEF:0!PxxxxTxxxx!Interact!3.1!TAD0015!Auditing was changed to *NONE for bytestream file *N/*N /AvisVirm/APDPEXR6/AITELBACHA/060556_000388_AVISVIRM_05112016_000001.PDF using the CHGAUD command.!2!src=192.168.x.x dst=192.168.x.xxx msg=TYPE:JRN CLS:AUD JJOB:MAILAVIS JUSER:QSPLJOB JNBR:058237 PGM:QCMD OBJECT: LIBRARY: MEMBER: DETAIL:O *N *N *STMF *NONE 0192.168.7.10500 * * *NA /AvisVirm/APDPEXR6/AITELBACHA/060556_000388_AVISVIRM_05112016_000001.PDF
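Added example (not part of the LogPoint package or its normalizers): a minimal Python parser for the iSeries sample above, which uses `!` rather than the usual CEF `|` as the header delimiter, plus a check for events that record auditing being set to *NONE. The function names and the shortened file path in the sample are assumptions made for illustration.

```python
import re

# Constructed from the iSeries log sample on this page (file path shortened).
SAMPLE = ("<162>Mai 11 17:52:26 AS400 CEF:0!PxxxxTxxxx!Interact!3.1!TAD0015!"
          "Auditing was changed to *NONE for bytestream file *N/*N /AvisVirm/x.PDF "
          "using the CHGAUD command.!2!src=192.168.x.x dst=192.168.x.xxx "
          "msg=TYPE:JRN CLS:AUD JJOB:MAILAVIS JUSER:QSPLJOB JNBR:058237 PGM:QCMD "
          "OBJECT: LIBRARY: MEMBER: DETAIL:O *N *N *STMF *NONE /AvisVirm/x.PDF")

HEADER = ("cef_version", "vendor", "product", "version",
          "signature_id", "name", "severity")


def parse_iseries_cef(line, delim="!"):
    """Parse a CEF record whose header uses `delim` instead of '|'."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Seven header fields; everything after them is the extension.
    parts = line[start + 4:].split(delim, len(HEADER))
    if len(parts) != len(HEADER) + 1:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, parts))
    # Extension: key=value pairs; a value runs until the next ' key='.
    ext = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[-1], flags=re.S))
    # msg holds journal sub-fields as KEY:value; DETAIL is free text to the end.
    head, _, detail = ext.get("msg", "").partition("DETAIL:")
    journal = dict(re.findall(r"([A-Z]+):(\S*)", head))
    if detail:
        journal["DETAIL"] = detail.strip()
    event.update(extension=ext, journal=journal)
    return event


def audit_disabled(event):
    """True when the event records object auditing being set to *NONE."""
    return ("CHGAUD" in event["name"]
            and "*NONE" in event["name"]
            and event["journal"].get("CLS") == "AUD")


if __name__ == "__main__":
    ev = parse_iseries_cef(SAMPLE)
    print(ev["signature_id"], ev["journal"]["JUSER"], audit_disabled(ev))
```
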
IBM Z/OS Communications Server
Expected Log Format
Syslog
Log Sample
<30>Sep 7 10:39:45 ftpd[33555151]: EZYFS50I ID=FTPDxxxxxxx CONN starts Client IPaddr=1.1.1.1 hostname=abc@xyz.com
IBM Integrated Management Module
Expected Log Format
key-value pair
Log Sample
<14> Server MTM: 7915C3K Alert Text: Remote Login Successful. Login ID: Logpoint from webguis at IP address xx.xxx.xx.xx. Type of Alert: System - Remote Login Severity: 4 Date(m/d/y): 01/05/2017 Time(h:m:s): 08:16:37 Contact: Location: IMM Text ID: Logpoint IMM Serial Number: 06CVRCB IMM UUID: xxxxxxxx31A1bbb6040F2E9ddd902 Event ID: 4000000e00000000 Serviceable Event Indicator: Not Serviceable FRU list: Not available Room ID: Not available Rack ID: Not available Lowest U-position: 0 Blade Bay: Not available Test Alert: no Auxiliary Data: Not available
To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
Package Details
The application consists of the following components:
- Dashboard Packages
  - LP_iSeries
  - LP_IBM IMM
  - LP_ZOS
- Normalization Packages
  - LP_IBM IMM Generic
  - LP_IBM iSeries
  - LP_IBM IMM
  - LP_IBM Z/OS Process
  - LP_IBM Z/OS
  - LP_IBM Mainframe
  - LP_IBM AS 400
- Compiled Normalizers
  - IBMAS400CompiledNormalizer
  - IBMDominoCompiledNormalizer
  - IBMInformixNormalizer
  - IBMMainframeCompiledNormalizer
Enhancement
A minor update has been made to the application’s normalizer for better signature handling.
Installation
Follow these steps to install the IBM v3.5.0 application:
- Download the IBM package from the Download section above.
- Add IBM as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Supported Devices
The supported devices of IBM with LogPoint in this configuration are:
- IBM iSeries
- IBM Z/OS Communications Server v2.01
- IBM Integrated Management Module (IMM) firmware version: 4.31
Log Samples
IBM iSeries
Expected Log Format
CEF
Log Sample
<162>Mai 11 17:52:26 AS400 CEF:0!PxxxxTxxxx!Interact!3.1!TAD0015!Auditing was changed to *NONE for bytestream file *N/*N /AvisVirm/APDPEXR6/AITELBACHA/060556_000388_AVISVIRM_05112016_000001.PDF using the CHGAUD command.!2!src=192.168.x.x dst=192.168.x.xxx msg=TYPE:JRN CLS:AUD JJOB:MAILAVIS JUSER:QSPLJOB JNBR:058237 PGM:QCMD OBJECT: LIBRARY: MEMBER: DETAIL:O *N *N *STMF *NONE 0192.168.7.10500 * * *NA /AvisVirm/APDPEXR6/AITELBACHA/060556_000388_AVISVIRM_05112016_000001.PDF
IBM Z/OS Communications Server
Expected Log Format
Syslog
Log Sample
<30>Sep 7 10:39:45 ftpd[33555151]: EZYFS50I ID=FTPDxxxxxxx CONN starts Client IPaddr=1.1.1.1 hostname=abc@xyz.com
IBM Integrated Management Module
Expected Log Format
key-value pair
Log Sample
<14> Server MTM: 7915C3K Alert Text: Remote Login Successful. Login ID: Logpoint from webguis at IP address xx.xxx.xx.xx. Type of Alert: System - Remote Login Severity: 4 Date(m/d/y): 01/05/2017 Time(h:m:s): 08:16:37 Contact: Location: IMM Text ID: Logpoint IMM Serial Number: 06CVRCB IMM UUID: xxxxxxxx31A1bbb6040F2E9ddd902 Event ID: 4000000e00000000 Serviceable Event Indicator: Not Serviceable FRU list: Not available Room ID: Not available Rack ID: Not available Lowest U-position: 0 Blade Bay: Not available Test Alert: no Auxiliary Data: Not available
To export data to LogPoint, use the Syslog collector on port 514 on the LogPoint server.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100