IBM System forwarding SYSLOG Key Value Pairs logs

Our IBM system is reformatting security, database and other event log sources on the system into SYSLOG Key Value Pairs over TCP, then forwarding the events to SolarWinds SEM, but we cannot see these logs on SolarWinds. We also send the IBM logs in CEF format, but in either case, I believe the SolarWinds Device configuration option would make the most sense, since the IBM systems are handling the sending part and not acting as an Agent, or perhaps they are performing the work of a SYSLOG node. What is the recommended way to configure these log sources on our IBM system?

  • I should have added/included... what is the best way to configure SolarWinds to discover our IBM system's event logs?

    Example of logs converted to SYSLOG Key Value Pairs:

    2021-01-20T18:22:48.5000-05:00 networkdescriptionip.com vendor=Enforcive product="Enterprise Security" version=8.3.9 app="IBM i System Audit" action_type="ZC-Object Accessed (change)" action="C-Change of an object" dhost=blank timestamp=2021-01-20-05.18.22.685000 duser=QSECOFR filePath=*N fname=*N filetype=*STMF program=QLESPI jobid=882245/QTMHHTTP/APCHSRV receiver=QSYS/Q20E003576 src=dst=10.232.28.25 msg=Type_of_Entry:C Object_Name=*N/*N Type=*STMF Access_Type="07 Change" Access_Specific_Data=O ASP_Name=QASP01 ASP_Number=00001 Path_Name_Country=US Path_Name_Language=ENU Path_Name_Indicator=Y Path_Name="/usr/local/zendsvr7/var/db/zsd.db-journal" rt=2021-01-20-10.18.22.685000
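As an added illustration (not code from the post, SolarWinds or Enforcive), a small Python parser for the key=value syslog layout shown above, run on a constructed, shortened copy of the posted line. It handles quoted values with spaces and flags the `src=dst=10.232.28.25` token, where `src` was emitted with no value and swallowed the `dst=` pair; a malformed pair like that is the first thing to rule out when a SIEM connector silently drops or misparses events.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the same key=value layout as the line posted above
# (fields shortened; the src=dst= quirk from the post is kept on purpose).
SAMPLE_LINE = (
    '2021-01-20T18:22:48.5000-05:00 networkdescriptionip.com vendor=Enforcive '
    'product="Enterprise Security" version=8.3.9 app="IBM i System Audit" '
    'action="C-Change of an object" duser=QSECOFR jobid=882245/QTMHHTTP/APCHSRV '
    'src=dst=10.232.28.25 msg=Type_of_Entry:C Access_Type="07 Change" '
    'Path_Name="/usr/local/zendsvr7/var/db/zsd.db-journal" rt=2021-01-20-10.18.22.685000'
)

# key="quoted value with spaces"  or  key=bare_value (up to the next whitespace)
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# an unquoted value that is itself a key=value pair, e.g. src=dst=10.232.28.25
NESTED = re.compile(r'^(\w+)=(.*)$')


def parse_kv_syslog(line: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (fields, warnings) for one '<timestamp> <host> k=v k="v v" ...' line."""
    parts = line.strip().split(' ', 2)
    if len(parts) != 3:
        raise ValueError('expected "<timestamp> <host> key=value ..."')
    fields: Dict[str, str] = {'syslog_ts': parts[0], 'host': parts[1]}
    warnings: List[str] = []
    for m in PAIR.finditer(parts[2]):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        value = quoted if quoted is not None else bare
        # An unquoted value containing '=' means a key arrived with no value and
        # swallowed the following pair: record the empty key, keep the inner pair.
        while quoted is None and NESTED.match(value):
            inner_key = value.split('=', 1)[0]
            warnings.append(f'{key}= has no value (followed directly by {inner_key}=)')
            fields[key] = ''
            key, value = NESTED.match(value).groups()
        if key in fields:
            warnings.append(f'duplicate key {key}= (keeping last value)')
        fields[key] = value
    return fields, warnings


if __name__ == '__main__':
    parsed, warns = parse_kv_syslog(SAMPLE_LINE)
    for k, v in parsed.items():
        print(f'{k:14} = {v}')
    for w in warns:
        print('WARNING:', w)
```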
