IBM OS400 Server
- What is Discovered and Monitored
- Event Types
- Rules
- Reports
- Configuration
- Sample Parsed IBM OS400 Syslog Messages
What is Discovered and Monitored
Protocol |
Information Discovered |
Metrics collected |
Used for |
---|---|---|---|
Syslog |
General logs including Authentication Success/Failure, Privileged logons, User/Group Modification |
Security Monitoring and Compliance |
Event Types
In ADMIN > Device Support > Event Types, search for "os400" to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
Syslog
FortiSIEM parses IBM OS 400 logs received via the PowerTech Agent as described here. The PowerTech agent sends syslog to FortiSIEM.
Sample Parsed IBM OS400 Syslog Messages
Mar 18 17:49:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0603|A File Server transaction was allowed for user JOHNDOE.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :JOHNDOE JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB JOHNDOE *FILESRV CRTSTRMFIL QPWFSERVSO LNS0811 000112 00023 /home/JOHNDOE/subfolder Mar 18 17:48:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0604|A File Server transaction was allowed for user JOHNDOE.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :JOHNDOE JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB JOHNDOE *FILESRV DLTSTRMFIL QPWFSERVSO LNS0811 000112 00025 /home/JOHNDOE/BoardReport Mar 18 17:53:00 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0703|A System i FTP Client transaction was allowed for user JOHNDOE.|3| src =10.0.1.180 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QTFTP00149 JUSER :JOHNDOE JNBR :029256 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: ST JOHNDOE *FTPCLIENT DELETEFILE QTFTP00149 LNS0811 000112 00033 /QSYS.LIB/PAYROLL.LIB/NEVADA.FILE