IBM® QRadar® collects detailed audit events from Cilasoft QJRN/400® software for IBM i.
To collect events, administrators can configure Cilasoft QJRN/400 to forward events with syslog, or optionally configure the integrated file system (IFS) to write events to a file. Syslog delivers events to QRadar in real time and supports automatic log source discovery, which makes it the easiest configuration method for event collection. The IFS option writes events to a log file, which can be read remotely by using the log file protocol. QRadar supports syslog events from Cilasoft QJRN/400 V5.14.K and later.
To configure Cilasoft QJRN/400, complete the following tasks:
- On your Cilasoft QJRN/400 installation, configure the Cilasoft Security Suite to forward syslog events to QRadar or write events to a file.
- For syslog configurations, administrators can verify that the events forwarded by Cilasoft QJRN/400 are automatically discovered on the Log Activity tab.
Cilasoft QJRN/400 configurations that use IFS to write event files to disk are considered an alternative configuration for administrators who cannot use syslog. IFS configurations require the administrator to locate the IFS file and configure the host system to allow FTP, SFTP, or SCP communications. A log source can then be configured to use the log file protocol with the location of the event log file.