
IBM i + Syslog Format

November 2017

Despite the platform's reputation as a traditionally "safe" environment, IT security on IBM i should be a high priority for anyone running it. And while IBM i is a relatively safe platform, we need to change our mindset around IT security from IBM i being the “most secure” platform to the “most securable” platform.

Too many companies leave the proverbial key under the doormat. You can have the most secure deadbolt on the market, but if you make the key accessible it doesn’t matter. Likewise, IBM i can easily become insecure if your organization doesn’t intentionally design and implement a plan for information security.

Best IT security practices indicate that organizations should be running a SIEM (Security Information and Event Management) application or a system that is monitored by an SOC (Information Security Operations Center). A SIEM uses syslog format to digest and parse information that it receives.

Traditionally, IBM i did not inherently translate IBM i logs into syslog format, so organizations using IBM i needed to purchase a third-party product to do the translation. Some companies that have implemented a SIEM have chosen to skip over the IBM i server because they didn’t want to pay that extra cost to provide a conduit between IBM i and that SIEM.

Luckily, IBM has recognized this security need and provided a less expensive option to include IBM i logs in a SIEM. As of IBM i 7.2 and with the release of DB2 support, IBM i can now export the History log and the Audit journal to syslog.

As with the IBM i 7.1 support announcement, IBM quietly announced this support update. You can find more information here. Speaking of IBM i 7.1, the syslog support is only available via DB2 PTF enhancements in IBM i 7.2 and beyond.

Syslog format is especially helpful when running security audits, a practice that all companies should be performing relatively frequently to help maintain their system security.
