Sherlock Holmes, Call Your Mainframe Guru
Cyber-gumshoes — sometimes known as systems administrators — have a range of tools to choose from when tracking down evildoers or setting up roadblocks or just diagnosing run-of-the-mill hang-ups. They include Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), heuristic analysis programs, firewall logs, router logs… and all manner of filtering routines. Not to mention the good old system log, or syslog, which is generally the first stop in searches for diagnostic information on something that’s gone wrong.
An overarching problem, however, is the sheer volume of log data generated by a growing number of sources and ever more complex networks. Most network equipment, such as switches and routers, along with most firewalls and web servers, can send a steady avalanche of log data to various files. What to make of it all is the question. And there’s a natural tendency, when the data is overwhelming to deal with, to ignore it. Which, of course, is a mistake when security or service continuity is at risk.
Fortunately, relatively inexpensive Big Data platforms have evolved — e.g., Hadoop, Spark, and Splunk — that permit even modestly endowed Incident Response Teams to sift through huge log files and zero in quickly on anomalous situations, then correlate those findings with other performance measures to diagnose and resolve problems.
Even so, a great deal of critical log information can often go uninspected simply because it resides on that imposing chunk of big iron — IBM’s z System — in the glass house. This confronts most managers of open distributed networks with what has long been a formidable language barrier.
It is precisely that barrier that Syncsort has demolished with its Ironstream® products. Ironstream translates and forwards z/OS log data for easy consumption by Splunk users in the open systems environment. Now, too, there’s a free “starter edition” of Ironstream available. This starter edition translates and forwards data from the Syslog only — none of the other 200-plus storage bins (log types) that comprise the System Management Facility (SMF) of z/OS.
Sure, those other bins hold vital information as well, but Syslog is the Grand Central Station of z/OS log data, so it’s the appropriate spot for giving curious sleuths an idea of what Ironstream can do.