6.6.1. Starting the Alliance subsystem

After configuring the global options and a TCP communications client, you must start the Alliance subsystem ALLSYL100 to start collecting logs. On the configuration menu take the option to Start Syslog Subsystem. The following panel is displayed:

Figure 6.6. Start sending logs to the syslog-ng server

Press Enter to start the subsystem. Depending on the configuration options you have selected, the following jobs will appear in the subsystem:

OPER_MESG: extracts messages from QSYSOPR and sends to the internal Syslog queue.
QAUDJRN: extracts audit journal entries and sends to the internal Syslog queue.
SYSLOG (2 instances): receives Syslog messages from the Syslog queue and uses TCP or SSL/TLS TCP to send to a local or remote instance of Syslog-ng server.

You can use options on the Configuration menu to view active jobs in the Alliance ALLSYL100 subsystem, and to end the subsystem. You can also end the subsystem ALLSYL100 manually using the End Subsystem (ENDSBS) command with the *IMMED option.

	Note
	The first time you start the Alliance subsystem the audit journal and operator message queue processes will begin collecting information starting from the earliest message. If there is a substantial amount of history in the journal or message queue it may take time for these messages to be sent to the syslog-ng server.

Prev	Up	Next
6.6. Controlling the syslog-ng Agent for IBM System i	Home \| Contents	6.6.2. Automating the start of the Alliance subsystem ALLSYL100

The syslog-ng 3.0 Administrator Guide

Document version: Thirteenth
Release date: September 23, 2010
Latest version available at the BalaBit Documentation Page