Steve, to add to what Jerry and Charles have said. I don't have any experience with Sumologic, but I'm going to guess it will need data sent to it in a format it will understand. The place that I retired from was using the BMC product to send data to Splunk. The BMC product allowed us to pick which SMF records to look at and which fields in those records to format and send to Splunk. We ran an agent on several LPARs to capture data. One of the SMF record types we looked at was related to RACF information. We also looked at SMF record types related to CICS activity and batch processes.
As a side note to Charles. We started out with the product when it was called Correlog. We had looked at several products and went with Correlog. My impression is that it is a nice product.

Paul

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Charles Mills
Sent: Monday, March 4, 2024 7:05 PM
To: [email protected]
Subject: Re: EXTERNAL EMAIL: ZOS Sending Logs to Sumologic Experience?

Thanks for the shout-out, Jerry! (I was the principal developer of said product.) I think BMC now calls the product AMI Defender. (I have no financial interest in BMC or the product.)

I am pretty much of an expert on this topic. Feel free to reach out to me off-line if you have any questions.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jerry Whitteridge
Sent: Monday, March 4, 2024 12:12 PM
To: [email protected]
Subject: Re: EXTERNAL EMAIL: ZOS Sending Logs to Sumologic Experience?

We used a product to send syslog/SMF data to Splunk called Correlog - since acquired by BMC and I don't know its new name. I don't think you will have any success in doing this without some agent on the mainframe that can extract and then send the data.

Jerry Whitteridge
Sr Manager Managed Services
[email protected]
480 578 7889

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Steve Estle
Sent: Monday, March 4, 2024 11:43 AM
To: [email protected]
Subject: EXTERNAL EMAIL: ZOS Sending Logs to Sumologic Experience?

All,

We are embarking on an endeavor to explore sending logs to a tool called Sumologic (sumologic.com). For those who are unaware, Sumologic is a competitor to Splunk and contains a very powerful real time log parsing analytics engine which can be used to build dashboards, alerts, and more.
My basic question is has anyone heard of or actually been involved in devising ways to send ZOS logs into Sumologic - our initial efforts will be security related, but for now am just asking if anyone has any experience in this realm at all? Or maybe you are doing something similar to Splunk? If so, you can post in forum or feel free to reach directly out to me:

Thanks much,

Steve Estle
[email protected]
303-817-9954

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
