
AS400 iSeries app/collection?

dondky
Path Finder

Hello, I wanted to know if anyone is using Splunk with their AS400/iSeries. We want to gather QAUDJRN, QSYSOPR, QHST data and performance data. The catch is we would like to do it without purchasing a third-party agent that forwards this data for another 4k. I was thinking some type of scripted input?


stanwin
Contributor

Anyone aware if there is an open source version of a syslog agent for AS400? Seems developing a bespoke syslog tool (as mentioned by southeringtonp) or using the licensed ones is the only option?

0 Karma

dondky
Path Finder

This looks awesome. We are evaluating an iSeries syslog-ng AUDJRN exporter and hopefully we can utilize this app.

0 Karma

clyde772
Communicator

I also have the same task where I have to pull AS400 information. I was basically told to manage an AS400. The problem is I don't know what to monitor.

I was able to get data using expect, some command, but I don't know if what I am doing is enough.

How is your application looking?

0 Karma

dondky
Path Finder

Thanks southeringtonp, responses were very helpful. I have been thinking of working on screen scraping, and pexpect looks awesome. We can also dump to an NFS mount that could also be indexed. My guess is I'll probably be going down the screen scrape route.

0 Karma

southeringtonp
Motivator

I'm certainly no iSeries expert, but since nobody else has chimed in...

Without a third-party agent, your options are limited. A couple of possibilities:

  • Screen-scraping

    If you want to use a scripted input to screen-scrape the connection, you can leverage the pexpect Python library to help interact with the telnet (or whatever) session. pexpect is not included with Splunk, but will work fine if you place the Python libraries in the same directory as your script.

  • Dump to a file, then retrieve

    If you can dump the contents of each of the logs you're interested in to a flat file, it's not so bad. You can use a cron job to copy the files from IFS/FTP/etc. to a path Splunk indexes, and pick it up from there. Or, you can have Splunk retrieve the file directly as a scripted input.

  • Roll your own syslog forwarder.

    PASE evidently has syslog support, and it looks like there's some sort of API structure (QjoRetrieveJournalEntries?) available for accessing the contents of these.

Given the cost of a Splunk Enterprise license, realistically it may be worth it to just go for the extra $4k for the 3rd-party forwarder (syslog-ng, PowerTech, etc.).
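
The "dump to a file, then retrieve" option above, as an added example that is not part of the original answer: a scripted input that prints only the complete lines added to the dump since its last run, and re-reads from the start when the dump has been replaced. The newline-delimited UTF-8/ASCII file layout, the paths, and the function names are assumptions.

```python
"""Scripted input sketch: print only new, complete lines from a dumped log file."""
import hashlib
import json
import os
import sys

HEAD_BYTES = 256  # leading bytes fingerprinted to detect a replaced dump


def _fingerprint(fh, length):
    fh.seek(0)
    return hashlib.sha256(fh.read(length)).hexdigest()


def read_new_records(dump_path, state_path):
    """Return lines added since the last run, then advance the checkpoint."""
    state = {"offset": 0, "head_len": 0, "head": ""}
    try:
        with open(state_path) as fh:
            state.update(json.load(fh))
    except (OSError, ValueError, TypeError):
        pass  # first run or unreadable checkpoint: start from the beginning

    with open(dump_path, "rb") as fh:
        offset = state["offset"]
        size = os.fstat(fh.fileno()).st_size
        # A shorter file or changed leading bytes means a fresh dump: re-read it.
        if size < offset or _fingerprint(fh, state["head_len"]) != state["head"]:
            offset = 0
        fh.seek(offset)
        data = fh.read()
        # Hold back a trailing partial line; the copy job may still be writing it.
        end = data.rfind(b"\n") + 1
        new_offset = offset + end
        head_len = min(HEAD_BYTES, new_offset)
        new_state = {"offset": new_offset, "head_len": head_len,
                     "head": _fingerprint(fh, head_len)}

    tmp_path = state_path + ".tmp"
    with open(tmp_path, "w") as fh:
        json.dump(new_state, fh)
    os.replace(tmp_path, state_path)  # atomic swap: no torn checkpoint after a crash
    return data[:end].decode("utf-8", errors="replace").splitlines()


if __name__ == "__main__":
    # Hypothetical usage: argv[1] = dump copied off the iSeries, argv[2] = checkpoint file.
    for record in read_new_records(sys.argv[1], sys.argv[2]):
        print(record)  # a scripted input's stdout is what Splunk indexes
```

The checkpoint is advanced before the lines are printed, so a crash between the two drops those lines rather than indexing them twice.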
