Hello from an avid "Guest" who has just now decided to create an account.
I have received so much help from these forums as an unregistered guest, I would like to give back a little, and I was wondering about the amount of interest there would be in my first full-production tool I developed from the ground up.
What is it? I've called it (temporarily at least until I can become more creative) SyslogI and it is a Java program which formats the entries as they are written to the QHST log into proper Syslog messages and then forwards the messages to your centralized logging server. The need for this program came from my institution's need to satisfy central logging requirements set forth by the auditors. We were already logging messages from all other servers to a central server as well as our network devices, and needed to do the same with the iSeries for things like login failures, system errors and the like.
So I came up with an idea that I would use the syslogD utility included in the iSeries PASE environment. However, this did not fully pan out, as it really didn't log any messages at all due to the iSeries not having native 'hooks' into SyslogD.
So I built a Java Syslog daemon as well as a QHST monitor/processor to format what is in the QHST logs properly, assign a severity code based on what IBM assigns (00 - 99) and then forward a proper RFC-compliant message to our collector.
I am about to enter into production testing, and as I do this it occurred to me that others might be in need of a similar product, and in a similar situation where their institution is not able to fork over the thousands of dollars which current offerings require.
To be sure, what I have at current is not near as robust as some of the more "Commercial" offerings, however it does offer a step in the right direction (adding proper rules in, say, Kiwi can monitor specifically for login failures to satisfy HIPAA and other compliances), and I was wondering if I were to release it to the community at large, would there be enough interest?
Thanks for your comments and ideas. I look forward to everyone's response.
Lee
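The format-and-forward step described in the post, sketched as an added example; it is not code from SyslogI or from the poster. It assumes RFC 5424 over UDP (the post only says "RFC compliant"), and the severity mapping, facility, class name, host, job and message id are all illustrative assumptions.

```java
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;

public class QhstSyslogExample {
    static final int FACILITY = 13; // "log audit" in RFC 5424; this choice is an assumption
    // Assumed mapping, indexed by the tens digit of the 00-99 severity:
    // 0x informational, 1x notice, 2x warning, 3x error, 4x-5x critical, 6x-7x alert, 8x-9x emergency.
    static final int[] SEVERITY_BY_TENS = {6, 5, 4, 3, 2, 2, 1, 1, 0, 0};

    static int toSyslogSeverity(int ibmSev) {
        if (ibmSev < 0 || ibmSev > 99) throw new IllegalArgumentException("severity " + ibmSev);
        return SEVERITY_BY_TENS[ibmSev / 10];
    }

    // Header fields: printable US-ASCII, no spaces, bounded length; empty becomes NILVALUE "-".
    static String field(String s, int max) {
        String t = (s == null ? "" : s).replaceAll("[^\\x21-\\x7e]", "_");
        return t.isEmpty() ? "-" : t.substring(0, Math.min(max, t.length()));
    }

    static String format(OffsetDateTime ts, String host, String job, String msgId, int ibmSev, String text) {
        int pri = FACILITY * 8 + toSyslogSeverity(ibmSev);
        String time = DateTimeFormatter.ISO_OFFSET_DATE_TIME.format(ts.truncatedTo(ChronoUnit.MILLIS));
        // Replace control and non-ASCII characters so text copied from the log (user or
        // device names) cannot add line breaks and forge extra entries at the collector.
        String msg = text.replaceAll("[^\\x20-\\x7e]", " ");
        return "<" + pri + ">1 " + time + " " + field(host, 255) + " QHST " + field(job, 128)
                + " " + field(msgId, 32) + " - " + msg;
    }

    static void send(String line, String collector, int port) throws Exception {
        byte[] data = line.getBytes(StandardCharsets.US_ASCII);
        try (DatagramSocket socket = new DatagramSocket()) {
            socket.send(new DatagramPacket(data, data.length, InetAddress.getByName(collector), port));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed entry: host, job, message id and text are placeholders, not real QHST data.
        String line = format(OffsetDateTime.now(), "ibmi01.example.com", "123456/QUSER/QPADEV0001",
                "MSG0001", 30, "Password not correct for user TEST\nUSER");
        System.out.println(line);
        send(line, "127.0.0.1", 514); // replace with the collector's address
    }
}
```

UDP delivery is unacknowledged, so a collector outage drops entries silently; where the audit requirement needs guaranteed delivery, the same formatted line can be carried over TCP or TLS instead.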