
External Systems Configuration Guide

IBM OS400 Server

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| Syslog | | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance |

Event Types

In ADMIN > Device Support > Event Types, search for "os400" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Syslog

FortiSIEM parses IBM OS 400 logs received via the PowerTech Agent as described here. The PowerTech agent sends syslog to FortiSIEM.

Sample Parsed IBM OS400 Syslog Messages

Mar 18 17:49:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0603|A File Server transaction was allowed for user JOHNDOE.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :JOHNDOE JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB JOHNDOE *FILESRV CRTSTRMFIL QPWFSERVSO LNS0811 000112 00023 /home/JOHNDOE/subfolder

Mar 18 17:48:36 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0604|A File Server transaction was allowed for user JOHNDOE.|2| src =10.0.1.60 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QPWFSERVSO JUSER :JOHNDOE JNBR :025355 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: OB JOHNDOE *FILESRV DLTSTRMFIL QPWFSERVSO LNS0811 000112 00025 /home/JOHNDOE/BoardReport

Mar 18 17:53:00 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0703|A System i FTP Client transaction was allowed for user JOHNDOE.|3| src =10.0.1.180 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QTFTP00149 JUSER :JOHNDOE JNBR :029256 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: DETAIL: ST JOHNDOE *FTPCLIENT DELETEFILE QTFTP00149 LNS0811 000112 00033 /QSYS.LIB/PAYROLL.LIB/NEVADA.FILE
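
Because there are no predefined rules for this device, it helps to see how the sample messages above break down into fields before writing custom ones. The following Python parser is an added example, not FortiSIEM's parser or Fortinet code; the function names, the DETAIL token layout, and the DELETE_OPS set are assumptions inferred only from the three samples on this page.

```python
import re

# Third sample message from the page, copied verbatim (stray spaces included).
SAMPLE = (
    "Mar 18 17:53:00 ROBINSON CEF :0|PowerTech|Interact|2.0|UNA0703|"
    "A System i FTP Client transaction was allowed for user JOHNDOE.|3| "
    "src =10.0.1.180 dst =10.0.1.180 msg=TYPE:JRN CLS :AUD JJOB :QTFTP00149 "
    "JUSER :JOHNDOE JNBR :029256 PGM :PLKR108JEL OBJECT : LIBRARY : MEMBER: "
    "DETAIL: ST JOHNDOE *FTPCLIENT DELETEFILE QTFTP00149 LNS0811 000112 00033 "
    "/QSYS.LIB/PAYROLL.LIB/NEVADA.FILE"
)

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+CEF\s*:\s*(.*)$")
HEADER_NAMES = ("cef_version", "vendor", "product", "version", "signature_id", "name", "severity")
MSG_KEY = re.compile(r"\b(TYPE|CLS|JJOB|JUSER|JNBR|PGM|OBJECT|LIBRARY|MEMBER|DETAIL)\s*:\s*")
# Assumption: operation names seen in the page's samples that remove an object.
DELETE_OPS = {"DLTSTRMFIL", "DELETEFILE"}

def parse_os400(line):
    """Return a flat dict for one PowerTech Interact CEF line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    parts = re.split(r"(?<!\\)\|", m.group(3), maxsplit=7)  # split on unescaped pipes only
    if len(parts) != 8:
        return None
    event = {"timestamp": m.group(1), "host": m.group(2), **dict(zip(HEADER_NAMES, parts))}
    ext, *rest = re.split(r"\bmsg\s*=\s*", parts[7], maxsplit=1)
    msg = rest[0] if rest else ""
    for key, value in re.findall(r"\b(src|dst)\s*=\s*(\S+)", ext):
        event[key] = value
    hits = list(MSG_KEY.finditer(msg))
    for i, hit in enumerate(hits):
        last = hit.group(1) == "DETAIL" or i + 1 == len(hits)
        end = len(msg) if last else hits[i + 1].start()
        event[hit.group(1)] = msg[hit.end():end].strip()
        if last:
            break  # DETAIL is free text; do not look for keys inside it
    # Assumption from the samples: DETAIL = type user server operation ... path
    tok = event.get("DETAIL", "").split(None, 8)
    if len(tok) == 9:
        event.update(user=tok[1], server=tok[2], operation=tok[3], path=tok[8])
    return event

def is_delete(event):
    """True when the parsed event's operation is one of DELETE_OPS."""
    return bool(event) and event.get("operation") in DELETE_OPS
```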
