Well, since I'm the guy doing security, I'm going to dodge the FUD factor here. Console/Syslog routing to an internal server doesn't concern me all that much from a security standpoint, especially considering that access to the segregated server will be strictly limited/controlled, and the server itself would be hardened. I don't think I would send SMF records the same way, primarily because of the bandwidth issue you mentioned. Console/Syslog wouldn't hit more than 100/sec at its peak, and would only "pulse" the log entries as they occur. Mainly I'm looking for a straightforward process (but still secured - perhaps through SSH?) to transfer the log in a "live" format (instead of a daily batch dump). For example, what do I add to CONSOLxx? Do I need to open a USS service or started task (or both) to pass the data along? Where do I put this in the IPL/startup stream? That kind of stuff. ----- Original Message ---- From: Tom Schmidt <[EMAIL PROTECTED]> To: [email protected]; Doc Farmer <[EMAIL PROTECTED]> Cc: Tom Schmidt <[EMAIL PROTECTED]> Sent: Thursday, May 18, 2006 12:31:06 PM Subject: Re: Sending CONSOLE/SYSLOG To Off-Mainframe Server
On Wed, 17 May 2006 19:51:40 -0500, Doc Farmer wrote: >How do you route Console or Syslog messages to an off-mainframe server >(Unix or Windows)? Some of our techies here want to consolidate various >logs from different platforms, and they don't want to do a dataset >transfer in batch mode but a message-to-message (live) data transfer. (I >know that SMF will need to be batch, but I think we can live with that >one...) Doc, I have ALWAYS wanted to do exactly that for some customer (or employer) but couldn't get over the security hump (or the FUD hump as the case may be). I would have used IP, and would have encrypted if the traffic went into the "wild" (big "I" Internet). It would be fun to develop and watch at first (then it would put you to sleep pretty quickly, I'd guess). I'll be interested in hearing your experiences if you get it off the ground. You certainly could send console/syslog traffic as well as SMF but you might need to be sure your bandwidth was generous and you'll also need some "big spongy buffers" on the sending side for the cases, no doubt, where the bandwidth is underestimated. (Network engineers are never right and often understate the real-world usage.) -- Tom Schmidt Madison, WI ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
