Correlog Agent for IBM z/OS
The CorreLog Agent for IBM z/OS DSM for IBM QRadar can collect event logs from your IBM z/OS servers.
The following table identifies the specifications for the CorreLog Agent for IBM z/OS
DSM:
| Specification | Value |
|---|---|
| Manufacturer | CorreLog |
| DSM name | CorreLog Agent for IBM z/OS |
| RPM file name | DSM-CorreLogzOSAgent_qradar-version_build-number.noarch.rpm |
| Supported versions |
7.1 7.2 |
| Protocol | Syslog LEEF |
| QRadar recorded events | All events |
| Automatically discovered | Yes |
| Includes identity | No |
| Includes custom event properties | No |
| More information | Correlog website (https://correlog.com/solutions-and-services/sas-correlog-mainframe.html) |
To integrate CorreLog Agent for IBM z/OS DSM with QRadar, complete
the following steps:
- If automatic updates are not enabled, download and install the most recent CorreLog Agent for IBM z/OS RPM from the IBM® Support Website onto your QRadar Console.
- For each CorreLog Agent instance, configure your CorreLog Agent system to enable communication with QRadar.
- If QRadar
does not automatically discover the DSM, create a log source on the QRadar Console for each CorreLog
Agent system you want to integrate. Configure all the required parameters, but use the following
table for specific Correlog values:
Parameter Description Log Source Type CorreLog Agent for IBM zOS Protocol Configuration Syslog