Log Forwarding with Ironstream for Splunk

Over the past several years, Splunk has become a definitive leader in analyzing log data, giving its customers the power to turn the insights from this machine data into action. Splunk enables users to analyze and visualize this data in a single view, revolutionizing the way organizations discover security threats, monitor compliance requirements, and find (and fix) IT infrastructure problems across their enterprise.

Logs and log forwarding

A log is simply a file containing information about events, processes and messages generated by software, operating systems and programs. While they might seem mundane, these logs form an immutable record of all activity across the business. There’s significant value in this data if you can collect and make sense of it all. However, the massive volume and complexity of this type of data makes it very difficult to do without specialized tools. That’s the benefit that Splunk provides.

In order for Splunk to work its magic, the logs must be collected from all the systems, networks and applications across the enterprise, and forwarded to the Splunk platform. However, Splunk does not offer native connectivity to two very important systems that existing in thousands of organizations around the world – including the majority of the Fortune 100 – the mainframe and IBM i.

How to forward mainframe and IBM i logs to Splunk

In 2014, Splunk and Precisely formed an alliance to solve the challenge of integrating mainframe log data with operational data collected from elsewhere in the enterprise. With decades of experience working with mainframes, Precisely was well-positioned and excited to create a product to collect, transform and forward this mainframe log data to Splunk. The product was later expanded to also support the IBM i.

Today, Ironstream is the industry’s leading automatic forwarder of IBM z and IBM i operational data to Splunk. It continually collects operational and security data from a wide range of sources in IBM z and IBM i environments, transforms and forwards it to the platform in near real time – enabling security reporting, threat detection, and more.

Ironstream can capture information from a variety of data sources including: Syslog, SyslogD, SMF, RMF Monitor III, Log4j, SYSOUT, Db2 tables, Unix System Services file systems, and more. Once in Splunk, that data can be screened and probed for operational and security intelligence.

Why choose Ironstream for Splunk^®?

Ironstream enables the analytics platform to provide total visibility into the IBM mainframe and IBM i environments. There is no need for special knowledge and expertise to correlate mainframe or IBM i data with that coming from other platforms. Simply use Ironstream to collect z/OS data and IBM i sources to break down silos and enable your organization to:

• Effectively monitor with an enterprise-wide view
• Identify and respond to security threats
• Discover and trouble-shoot server, application and network problems

Your legacy mainframes and IBM i systems hold valuable information. Ironstream for Splunk^® helps you unlock that value through log forwarding; the data stored in logs can tell you crucial things about your systems that you wouldn’t have known otherwise (or perhaps would have found out too late).

Splunk is an industry leader in IT operations and security analytics – helping you make better, faster decisions with real-time visibility across the enterprise. Read our eBook to learn more. Top Use Cases for IBM i Data in Splunk: IT Operations Analytics.