The syslog-ng Agent for IBM System i Administrator Guide

Table of Contents

Preface
1. Summary of contents
2. Target audience and prerequisites
3. Products covered in this guide
4. Typographical conventions
5. Contact and support information
5.1. Sales contact
5.2. Support contact
5.3. Training
6. About this document
6.1. Feedback
1. Introduction to syslog-ng Agent for IBM System i
1.1. The Syslog data standard
1.2. The Common Event Format standard
1.3. System i security audit journal QAUDJRN
1.4. System i QHST history log
1.5. System i operator messages
1.6. User auditing
1.7. User-generated logs
1.8. Filtering log entries
1.9. Apache, WebSphere, OpenSSH, PHP, Perl, and MySQL server logs
1.10. Syslog-ng server for System i
1.11. Syslog-ng – the new standard for syslog processing
1.12. Security information management
2. Installation of syslog-ng Agent for IBM System i
2.1. Pre-requisites
2.2. Installing from an Internet download
2.3. Upgrading syslog-ng Agent for IBM System i
2.4. Reverting to a previous version after an upgrade
2.5. License codes
2.6. Historical QAUDJRN messages
3. Configuring syslog-ng Agent security audit journaling
3.1. Create the security journal receiver
3.2. Create the QAUDJRN journal
3.3. Change the system values for auditing
3.4. Auditing privileged user profiles
3.5. Auditing database files access
3.6. Auditing program access
3.7. Establish the audit end action system value
3.8. Forcing journal entries to auxiliary storage
3.9. Start security journal auditing
4. Configuring syslog-ng Agent for IBM System i
4.1. Displaying the main menu SYMAIN
4.2. Configuring syslog-ng Agent for IBM System i
4.3. Configuring TCP client communications
4.4. Work with security types
4.5. Edit syslog-ng configuration
4.6. Work with user audit
4.7. Work with QSYSOPR severities
4.8. Change QAUDJRN Starting Point
4.9. Starting the Alliance subsystem
4.9.1. Automating the start of the Alliance subsystem ALLSYL100
4.10. Application maintenance
4.11. View application logs
5. Send To Syslog (SNDSYSLOG) command
6. Send To CEF log (SNDCEFLOG) command
7. Procedure ALLSysLog
8. Procedure ALLSysLog
9. Configuring IBM System i Servers
9.1. Configuring Apache server logs
9.2. OpenSSH server logs
9.3. Other server logs
10. Problem determination
10.1. System operator messages
10.2. Application logging
Appendix 1. QAUDJRN entry type mappings for CEF
Appendix 2. BalaBit syslog-ng Premium Edition License contract
2.1. SUBJECT OF THE License CONTRACT
2.2. DEFINITIONS
2.3. Words and expressions
2.4. LICENSE GRANTS AND RESTRICTIONS
2.5. SUBSIDIARIES
2.6. INTELLECTUAL PROPERTY RIGHTS
2.7. TRADE MARKS
2.8. NEGLIGENT INFRINGEMENT
2.9. INTELLECTUAL PROPERTY INDEMNIFICATION
2.10. LICENSE FEE
2.11. WARRANTIES
2.12. DISCLAIMER OF WARRANTIES
2.13. LIMITATION OF LIABILITY
2.14. DURATION AND TERMINATION
2.15. AMENDMENTS
2.16. WAIVER
2.17. SEVERABILITY
2.18. NOTICES
2.19. MISCELLANEOUS
Appendix 3. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License
Glossary

© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com