All Apps and Add-ons

AS400 iSeries app/collection?

dondky
Path Finder

Hello, I wanted to know if anyone is using splunk with their as400/iseries. We want to gather QAUDJRN, QSYSOPR, QHST data and performance data. The catch is we would like to do it without purchasing a third party agent that forwards this data for another 4k. I was thinking some type of scripted input?

Tags (1)
1 Solution

stanwin
Contributor

Anyone aware if there is a open source version of syslog agent for AS400.. Seems developing a bespoke syslog tool (as mentioned by southeringtonp ) or using the licensed ones is only option?

0 Karma

dondky
Path Finder

This looks awesome. We are evaluating a iSeries syslog-ng AUDJRN exporter and hopefully we can utilize this app.

0 Karma

clyde772
Communicator

I have also the same task where I have to pull AS400 information. I was basically told to manage an AS400. The problem is I don't know what to montior.

I was able to get data using expect, some command, but i don't know if what I am doing is enough.

How is you application looking?

0 Karma

dondky
Path Finder

Thanks southeringtonp, responses were very helpful. I have been thinking of working to screen scraping and pexpect looks awesome. We can also dump to a nfs mount that could also be indexed. My guess is I'll probably be going down the screen scrape route.

0 Karma

southeringtonp
Motivator

I'm certainly no iSeries expert, but since nobody else has chimed in...

Without a third-party agent, your options are limited. A couple of possibilities:

  • Screen-scraping

    If you want to use a scripted input to screen-scrape the connection, you can leverage the pexpect Python library to help interact with the telnet (or whatever) session. pexpect is not included with Splunk, but will work fine if you place the Python libraries in the same directory as your script.

  • Dump to a file, then retrieve

    If you can dump the contents of each of the logs you're interested in to a flat file, it's not so bad. You can use a cron job to copy the files from IFS/FTP/etc. to a path Splunk indexes, and pick it up from there. Or, you can have Splunk retrieve the file directly as a scripted input.

  • Roll your own syslog forwarder.

    PASE evidently has syslog support, and it looks like there's some sort of API structure (QjoRetrieveJournalEntries?) available for accessing the contents of these.

Given the cost of a Splunk Enterprise license, realistically it may be worth it to just go for the extra $4k for the 3rd-party forwarder (syslog-ng, PowerTech, etc.).

Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...