Getting Data In

How to send data from IBM AS400 to Splunk via syslog?

Afef
Communicator

I want to create connectivity between Splunk Enterprise and AS400. I tried to send logs via syslog, but Splunk didn’t receive any data.

Could you help me please?

Thanks


garapathis
New Member

Can you please help me understand how to send the system audit log to a syslog server?
I am new to Splunk and trying to understand how to basically access AS400 from Splunk. Can someone please help me on how we can send the system audit log to a syslog server?

0 Karma

micahkemp
Champion

@garapathis,

This question is over 3 years old, and is unlikely to attract sufficient attention to answer any question you may have. I suggest submitting a new question.

0 Karma

bryanmdietz
Engager

If your IBM i system is at newer releases, V7.2 or V7.3, and fairly current on PTFs, you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

0 Karma

bryanmdietz
Engager

If your IBM i is at newer releases, V7.2 or V7.3, and fairly current on PTFs, you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

gwalford
Path Finder

The best answer to this question I have seen is to use a third-party application that runs on the iSeries and converts the iSeries data to syslog in key-value pairs - Splunk then ingests this syslog data. Since it is key-value paired, Splunk easily ingests the data and provides a near-real-time integration.

Realistically, you are looking at anywhere between 5 and 30 seconds of log delay due to queuing from the iSeries systems. However, even with this delay you gain hours of speed over a direct database export every 8 hours or so - it also impacts your Splunk license a lot less.
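
What a key-value syslog event of the kind described in this answer can look like on the wire, as an added example that is not from the thread or from any vendor's product. The host name, tag, facility and field names are constructed assumptions; sending the line to a throwaway loopback listener first separates formatting problems from network or input-configuration problems.

```python
import re
import socket

# RFC 3164 style line: <PRI>timestamp host tag: message
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$")
# key=value or key="value with spaces" (embedded quotes are not handled)
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def build_event(host, tag, fields, facility=13, severity=5,
                ts="Jan  5 10:15:02"):
    """Render fields as key=value pairs inside a syslog line."""
    pri = facility * 8 + severity  # PRI encodes facility and severity
    kv = " ".join(f'{k}="{v}"' if " " in str(v) else f"{k}={v}"
                  for k, v in fields.items())
    return f"<{pri}>{ts} {host} {tag}: {kv}"

def parse_event(line):
    """Split a syslog line into header values and key-value fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # not a syslog line in the expected shape
    pri = int(m.group(1))
    fields = {k: (inner if raw.startswith('"') else raw)
              for k, raw, inner in KV_RE.findall(m.group(5))}
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m.group(3), "tag": m.group(4), "fields": fields}

def roundtrip(line, timeout=2.0):
    """Send one UDP datagram to a loopback listener, return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port, no privileges needed
        rx.settimeout(timeout)
        tx.sendto(line.encode("utf-8"), rx.getsockname())
        data, _ = rx.recvfrom(65535)
        return data.decode("utf-8")

# Constructed sample event (hypothetical host and field names)
SAMPLE = build_event("AS400PROD", "audit", {
    "event_type": "signon_failed", "user": "JSMITH",
    "job": "123456/JSMITH/QPADEV0001", "detail": "invalid password"})

if __name__ == "__main__":
    print(parse_event(roundtrip(SAMPLE)))
```
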

vganjare
Builder
0 Karma

Afef
Communicator

Hi,

Thanks. I tried that, but no, I can't get data in 😕

0 Karma