On 2022-04-19 03:16 AM, Tom Longfellow wrote:
I am still left with concerns from the 'sending' end of the syslog information.
The DS8884 is using TCP, not UDP. There are no visible means of changing
the communication packet type being used.
My only hope is that the -n version of the z/OS syslog daemon will listen on
TCP port 514 (or even 1468) when started up.
The sample in prefix.SEZAINST(SYSLOGD) provides a clue that the syslogd
only listens to UDP:
BROWSE TCPIP.SEZAINST(SYSLOGD) Line 0000000025 Col
Command ===> Scroll =
//* If you would like to run two instances of syslogd, make a second *
//* copy of this proc and replace -i with -n in the second instance. *
//* The instance using -n will process only log messages received *
//* over the well-known syslogd port via UDP. One instance must *
//* use -i and the other must use -n in order to run two instances. *
//* *
//* The -c command-line option specifies that syslogd should create *
//* any log files or directories which do not already exist. *
//* *
//* The -i command-line option specifies that syslogd should not *
//* process log messages sent to the well-known syslog port via UDP. *
//*********************************************************************
z/OS syslogd has no parameters for specifying the use of TCP or a
non-standard port.
FWIW, a lot of sites are sending their syslog traffic to SIEM products;
all such products that I've seen can accept TCP traffic.
--
--
Regards, Gord Tomlin
Action Software International
(a division of Mazda Computer Corporation)
Tel: (905) 470-7113, Fax: (905) 470-6507
Support: https://actionsoftware.com/support/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
