IBM i

The IBM QRadar DSM for IBM i, formerly known as AS/400® iSeries, collects audit records and event information from IBM i systems.

The following table identifies the specifications for the IBM i DSM:
Table 1. IBM i DSM specifications
Specification Value
Manufacturer IBM®
DSM name IBM i
Supported versions 5R4
RPM file name DSM-IBMi-QRadar_version-build_number.noarch.rpm
Protocol Log File Protocol

Syslog

Event Format
  • Common Event Format (CEF) - CEF:0 is supported.
  • Log Event Extended Format (LEEF) - LEEF:1.0 is supported.
Recorded event types Audit records and events
Automatically discovered? No
Includes identity? Yes
Includes custom properties? No
More information IBM website (http://www.ibm.com/)
To collect events from IBM i systems, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the IBM i DSM RPM from the IBM Support Website onto your QRadar Console.
  2. Configure your IBM i system to communicate with QRadar.
  3. Add an IBM i log source on the QRadar Console by using the following table to configure the parameters that are required to collect IBM i events:
    Table 2. IBM i log source parameters
    Parameter Value
    Log Source Type IBM i
    Protocol Configuration Log File

    If you are using the PowerTech Interact or LogAgent for System i® software to collect CEF formatted syslog messages, you must select the Syslog option

    Service Type Secure File Transfer Protocol (SFTP)

For more information about configuring parameters for the Log File protocol, see Log File protocol configuration options.