The Ultimate Guide to Mainframe Machine Data: Part 2
The IBM z/OS® mainframe offers a number of data sources that can be leveraged to provide insight into the operational health of the system and its applications, as well as visibility into security and compliance issues. In Part 1 of the Ultimate Guide to Mainframe Machine Data, we covered SMF Data, Syslog Data, and UNIX System Services Files. Part 2 covers Log4j Data, Syslog Daemon Data, SYSOUT Data, and RMF Data.
What is Log4j?
Log4j is one of several Java logging frameworks. Log4j is part of the Apache Logging Services project of the Apache Software Foundation and is used by Java applications like web-based components to record events occurring within their Java environment.
How is Log4j Used?
Analysis of Log4j messages can determine whether web applications and other Java-based applications running within the IBM z/OS mainframe are experiencing problems that impact the application’s ability to deliver services in a timely manner. Log4j data can also be used to analyze activity trends within the application to understand peak periods and periods of low activity.
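The trend and problem analysis described above can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; it assumes the application writes the common Log4j layout `%d{ISO8601} [%t] %-5p %c - %m%n`, and the log lines, logger names and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in the assumed layout "%d{ISO8601} [%t] %-5p %c - %m%n".
SAMPLE = """\
2024-03-05 09:02:11,120 [http-1] INFO  com.example.Orders - order accepted
2024-03-05 09:15:40,004 [http-2] INFO  com.example.Orders - order accepted
2024-03-05 09:31:18,930 [http-3] INFO  com.example.Orders - order accepted
2024-03-05 09:47:03,551 [http-1] WARN  com.example.Db - slow query 2100 ms
2024-03-05 10:01:09,300 [http-3] ERROR com.example.Db - connection pool exhausted
java.sql.SQLException: timeout waiting for connection
    at com.example.Db.get(Db.java:42)
2024-03-05 10:01:10,018 [http-1] ERROR com.example.Orders - order failed
2024-03-05 10:20:31,777 [http-2] INFO  com.example.Orders - order accepted
2024-03-05 13:05:00,000 [batch-1] INFO  com.example.Batch - extract queued
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} "
    r"\[(?P<thread>[^\]]+)\] (?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)

def hourly_profile(text):
    """Return {hour: Counter(level -> events)}; stack-trace lines are skipped."""
    profile = defaultdict(Counter)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m is None:  # continuation line (stack trace) or a foreign format
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        profile[ts.strftime("%Y-%m-%d %H:00")][m["level"]] += 1
    return dict(profile)

def summarize(profile, error_ratio=0.5, min_events=2):
    """Peak and quietest hour by volume, plus hours dominated by ERROR/FATAL."""
    totals = {h: sum(c.values()) for h, c in profile.items()}
    degraded = sorted(
        h for h, c in profile.items()
        if totals[h] >= min_events
        and (c["ERROR"] + c["FATAL"]) / totals[h] >= error_ratio
    )
    return {"peak": max(totals, key=totals.get),
            "quiet": min(totals, key=totals.get),
            "degraded": degraded}

if __name__ == "__main__":
    print(summarize(hourly_profile(SAMPLE)))
```

Counting only lines that match the header pattern keeps multi-line stack traces from inflating the activity figures for an hour.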
Syslog Daemon (syslogd) Data
What is syslogd?
Syslog daemon (syslogd) is a server process that runs in the z/OS UNIX (USS) environment to provide a mechanism for recording log and trace information from USS components and applications. A primary user of syslogd is the z/OS Communications Server. Its components, including TCP/IP server applications, FTP, and Network Security Services (NSS), to name a few, write messages and trace information to syslogd. syslogd is the open-systems platform version of system logging, much like Syslog is for the IBM z/OS mainframe.
How is syslogd Used?
Analysis of syslogd messages can be used to look for issues that impact the z/OS UNIX operating environment of the system, as well as to investigate network-related issues and security threats.
What is SYSOUT?
In the IBM mainframe environment there is a Job Entry System (JES) which helps to manage the initiation/start and termination/end of each workload. One of the functions of JES is to manage output messages from the z/OS system related to the executing workload. These messages are typically directed to a SYSOUT dataset which resides on a SPOOL file managed by JES. An executing workload can also direct output from an application to SYSOUT. JES uses one or more disk data sets for spooling, which is the process of reading and writing input and output streams on auxiliary storage devices, concurrently with job execution, in a format convenient for later processing or output operations. SPOOL is an acronym that stands for Simultaneous Peripheral Operations Online.
How is SYSOUT Used?
SYSOUT output can be used in a variety of ways; however, the predominant use is for an application to direct specific output to SYSOUT, where it can be captured and used for analytics. This can cover anything from which types of functions or transactions are performed most frequently to which specific functions and activities are used by specific users or classes of users.
What is RMF?
The Resource Measurement Facility (RMF) is IBM’s strategic product for z/OS performance measurement and management. It collects performance data for the z/OS environment to monitor systems’ performance behavior. RMF data is used to optimally tune and configure the z/OS system.
How is RMF Data Used?
RMF has different data collectors and reporting mechanisms to address different use cases and requirements. One of the most critical components is RMF Monitor III (RMF III), a short-term data collector for problem determination, workflow delay monitoring and goal attainment supervision. Its data is a critical z/OS data source for analytics platforms that perform real-time problem determination and resolution for system performance issues and application delays. RMF Monitor I is a long-term data collector for all types of resources and workloads. Data collected by RMF Monitor I is logged to SMF and is mostly used for capacity planning and performance analysis. RMF Monitor I data can be analyzed using the SMF type 7x records.
Splunk® and other analytics platforms make it simple to collect, analyze and act upon the untapped value of the big data generated by technology infrastructures, security systems and business applications — providing the insights to drive operational performance and business results. They typically collect and index log and machine data from any source and provide powerful search, analysis and visualization capabilities to empower users of all types. The problem is that most of these analytics platforms have no good connectors or mechanisms to get to mainframe logs and data sources.
Syncsort Ironstream® is the industry’s leading automatic forwarder of IBM z/OS mainframe log data to analytics platforms. With Ironstream, it is easy for Splunk, and other analytics platforms, to provide visibility into all systems — including the mainframe — from one integrated user interface.
Ironstream enables the analytics platform to provide total visibility into the IBM z/OS mainframe and the applications it supports. With Ironstream there is no need for special knowledge and expertise to correlate mainframe data with that coming from other platforms. Simply use Ironstream to collect z/OS data sources to open your IBM mainframe and enable your organization to address operational and security issues.