IBM i
The IBM QRadar DSM for IBM i, formerly known as AS/400® iSeries, collects audit records and event information from IBM i systems.
The following table identifies the specifications for the IBM i DSM:
Specification | Value |
---|---|
Manufacturer | IBM® |
DSM name | IBM i |
Supported versions | 5R4 |
RPM file name | DSM-IBMi-QRadar_version-build_number.noarch.rpm |
Protocol | Log File Protocol Syslog |
Event Format |
|
Recorded event types | Audit records and events |
Automatically discovered? | No |
Includes identity? | Yes |
Includes custom properties? | No |
More information | IBM website (http://www.ibm.com/) |
To collect events from IBM i
systems, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the IBM i DSM RPM from the IBM Support Website onto your QRadar Console.
- Configure your IBM i system to communicate with QRadar.
- Add an IBM i log source on the QRadar Console by using the
following table to configure the parameters that are required to collect IBM i events:
Table 2. IBM i log source parameters Parameter Value Log Source Type IBM i Protocol Configuration Log File If you are using the PowerTech Interact or LogAgent for System i® software to collect CEF formatted syslog messages, you must select the Syslog option
Service Type Secure File Transfer Protocol (SFTP)
For more information about configuring parameters for the Log File protocol, see Log File protocol configuration options.