Re: SYSLOG port usage

2022-04-20 Thread Tom Longfellow
Thanks, I read those comments and also could not find a way to specify port 
type or port number from either side.

I am saddened by the inability to change either side of this equation.   The 
IBM equipment will not talk to the IBM software.   So much for the mainframe 
and dasd being a full network citizen like other platforms.

I am not irritated enough to request an enhancement to either the mainframe 
code OR the DS8884 code.   The process is long and convoluted and 'designed by 
committee'.   I was just hoping to get basic information for urgent problems 
without buying a suite of SIEM tools or SAN monitoring tools or SNMP tools or 
any of the other plethora of products.  Simple syslog was going to be a basic 
window to get a kind of real time look at what's going on.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Re: SYSLOG port usage

2022-04-19 Thread Gord Tomlin

On 2022-04-19 03:16 AM, Tom Longfellow wrote:

> I am still left with concerns from the 'sending' end of the syslog information. 
>   The DS8884 is using TCP, not UDP.   There are no visible means of changing 
> the communication packet type being used.
> My only hope is that the -n version of the z/OS syslog daemon will listen on 
> TCP port 514 (or even 1468) when started up.


The sample in prefix.SEZAINST(SYSLOGD) provides a clue that the syslogd 
only listens to UDP:


 BROWSE    TCPIP.SEZAINST(SYSLOGD)  Line 25 Col
 Command ===>  Scroll =
//*  If you would like to run two instances of syslogd, make a second *
//*  copy of this proc and replace -i with -n in the second instance. *
//*  The instance using -n will process only log messages received    *
//*  over the well-known syslogd port via UDP. One instance must      *
//*  use -i and the other must use -n in order to run two instances.  *
//*                                                                   *
//*  The -c command-line option specifies that syslogd should create  *
//*  any log files or directories which do not already exist.         *
//*                                                                   *
//*  The -i command-line option specifies that syslogd should not     *
//*  process log messages sent to the well-known syslog port via UDP. *
//*

z/OS syslogd has no parameters for specifying the use of TCP or a 
non-standard port.


FWIW, a lot of sites are sending their syslog traffic to SIEM products; 
all such products that I've seen can accept TCP traffic.


--

Regards, Gord Tomlin
Action Software International
(a division of Mazda Computer Corporation)
Tel: (905) 470-7113, Fax: (905) 470-6507
Support: https://actionsoftware.com/support/
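
The situation this thread describes (a sender using TCP against a syslogd that listens only on UDP), reproduced on loopback as an added example that is not from any poster or from IBM: a listener bound only to UDP receives the datagram, while a TCP connection to the same port number is reset. The sample message, the host name in it and all function names are constructed for illustration.

```python
import socket

# Constructed sample: RFC 3164-style line (facility user, severity info).
SAMPLE = b"<14>Apr 19 03:16:00 ds8884-sample storage: constructed test message"

def start_udp_only_listener():
    """Bind UDP only on a free loopback port, standing in for a UDP-only syslogd."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    sock.settimeout(2.0)
    return sock, sock.getsockname()[1]

def probe_udp(host, port, listener):
    """Send one datagram and report whether the local listener received it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(SAMPLE, (host, port))
    try:
        data, _ = listener.recvfrom(2048)
        return "received" if data == SAMPLE else "garbled"
    except socket.timeout:
        return "no data"

def probe_tcp(host, port, timeout=2.0):
    """Attempt a TCP connection; a reset surfaces as ConnectionRefusedError."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SAMPLE + b"\n")
        return "accepted"
    except ConnectionRefusedError:
        return "reset (no TCP listener)"
    except OSError:  # timeouts and routing failures land here
        return "failed (timeout, filtered or unreachable)"

def run_demo():
    """Probe the same port number over both transports."""
    listener, port = start_udp_only_listener()
    try:
        return {"udp": probe_udp("127.0.0.1", port, listener),
                "tcp": probe_tcp("127.0.0.1", port)}
    finally:
        listener.close()

if __name__ == "__main__":
    print(run_demo())
```

`probe_tcp` can also be pointed at a real receiver's address and port to tell a reset apart from a silently dropped connection before changing anything on the sending device.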



Re: SYSLOG port usage

2022-04-19 Thread Tom Longfellow
Thanks,   I am sure that will be part of my final resolution for this situation.

I am still left with concerns from the 'sending' end of the syslog information. 
  The DS8884 is using TCP, not UDP.   There are no visible means of changing 
the communication packet type being used.
My only hope is that the -n version of the z/OS syslog daemon will listen on 
TCP port 514 (or even 1468) when started up.



Re: SYSLOG port usage

2022-04-18 Thread Pew, Curtis G
On Apr 18, 2022, at 12:48 PM, Tom Longfellow 
<03e29b607131-dmarc-requ...@listserv.ua.edu> wrote:
> 
> I have been wandering in the wilderness of unix syslogs under z/OS and have 
> been unable to find a definitive answer to the following question.
> 
> Does z/OS SYSLOGD daemon support TCP protocol connections for incoming 
> messages from other hosts??
> 

When you start up a syslog daemon on z/OS, you must pass it either ‘-c’ or ‘-n’ 
as an argument. A daemon with ‘-c’ only accepts local syslog calls, while one 
with ‘-n’ only accepts remote calls. If you want to do both, you need to start 
two daemons with the two different arguments. The default JCL IBM supplies has 
‘-c’, so if you’re using that it won’t accept remote UDP connections.

Hope this helps.


-- 
Pew, Curtis G
curtis@austin.utexas.edu



SYSLOG port usage

2022-04-18 Thread Tom Longfellow
I have been wandering in the wilderness of  unix syslogs under z/OS and have 
been unable to find a definitive answer to the following question.

Does z/OS SYSLOGD daemon support TCP protocol connections for incoming messages 
from other hosts??

--
Here are the gory details.
1.  A DS8884 - and we want to send syslog information to the syslog server on 
z/OS (v2.4)
2.  Adding the IP address to the syslog configuration of the DS8884  'works' 
but the connection does not activate or work under 'test'.   The DS8884 does 
not allow selection of the protocol (TCP or UDP).
3.  IP tracing shows incoming packets on z/OS with TCP protocol port 514.   
Those packets are reset rejected.
4.  Documentation says that UDP 514 is the default for syslog traffic between 
hosts.
5.  There was documentation for TCP 1468 being a well known port for TCP 
protocols for syslogd.   I have no clue if this is possible on z/OS.

Any ideas??
