Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to send data from IBM AS400 to Splunk via syslog?

Afef
Communicator
‎04-30-2015 02:48 AM

I want to create a connectivity between splunk enterprise and AS400. I tried to send logs via syslog, but Splunk didn’t receive any data.

Could you help me please?

Thanks

Tags (4)
Reply

garapathis
New Member
‎07-25-2018 08:17 PM

can you please help me understand how to send system audit log to syslog server.
I am new to splunk and trying to understand how to basically access AS400 from splunk.,Can someone please help me on how we can send the system audit log to a syslog server .....

0 Karma
Reply

micahkemp
Champion
‎07-25-2018 09:34 PM

@garapathis,

This question is over 3 years old, and is unlikely to attract sufficient attention to answer any question you may have. I suggest submitting a new question.

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:43 PM

If your IBM I system is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

0 Karma
Reply

bryanmdietz
Engager
‎07-19-2018 02:42 PM

If your IBM i is at newer releases, V7.2 or V7.3 and fairly current on PTF's you can send the system audit log to a syslog server.
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

and the QHST history log:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Update...

Reply

gwalford
Path Finder
‎09-15-2015 02:11 PM

The best answer to this question I have seen is to use a third-party application that runs on the iSeries and converts the iSeries data to Syslog in key value pairs - Splunk then ingests this Syslog data. Since it is Key Value paired Splunk easily ingests the data and provides a near to real time integration.

Realistically, you are looking at anywhere between 5 to 30 seconds of log delay due to queuing from the iSeries systems. However, even with this delay you gain hours of speed over a direct database export every 8 hours or so - it also impacts your Splunk license a lot less.

Reply

vganjare
Builder
‎04-30-2015 03:08 AM

Hi,

Can this help?

http://answers.splunk.com/answers/25008/as400-for-splunk-app-how-is-data-collected-on-the-as-400.htm...

Thanks!!

0 Karma
Reply

Afef
Communicator
‎04-30-2015 03:13 AM

Hi,

Thanks. I tried that but no i can't data in 😕

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top