Active monitoring is one of the core security recommendations to help prevent unauthorized access to sensitive systems and information. It is a requirement of a wide variety of compliance regulations such as PCI-DSS, HIPAA/HITECH Act, GLBA/FFIEC, FISMA, and many others. From a security perspective, active monitoring makes it into the SANS Top 20 list of things you should do, and is a key recommendation from the US Cyber Security teams.
To meet these requirements for active monitoring, the IBM i can’t be an island of event information. IBM i security events must be consolidated with event information for all of your PCs, servers, and network devices to get a complete picture. Because the volume of events is typically quite large, most organizations will deploy a centralized log collection server combined with a SIEM solution that provides event correlation, real-time monitoring, alerting, and log collection archival.
One of the biggest challenges for IBM i customers is the large number of sources for log information. These include:
A good security event collection strategy will have to address all of these sources. Added to the large number of sources are some additional challenges:
Alliance LogAgent helps IBM i customers meet all of these challenges. It collects security event information from all significant log sources, converts that information to industry standard formats including the syslog format (RFC 3164) and Common Event Format (CEF), provides filtering options for messages, and securely transmits them to the log collection server or SIEM solution. Alliance LogAgent keeps track of event sources and won’t skip messages due to an IPL or network outages.
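To make the two formats mentioned above concrete, here is an added example (not Alliance LogAgent's code) that renders one constructed IBM i-style audit event as an RFC 3164 syslog line and as a CEF line, including the escaping and length limits a SIEM will expect. The event field names, the QAUDJRN tag, the hostname and the vendor/product strings are assumptions for the example.

```python
from datetime import datetime, timezone

# Constructed sample event, loosely shaped like an IBM i audit-journal entry.
# Field names are assumptions for this example, not the product's or OS's real layout.
SAMPLE_EVENT = {
    "timestamp": datetime(2024, 3, 5, 14, 7, 9, tzinfo=timezone.utc),
    "entry_type": "PW",                        # journal entry type: invalid password/sign-on
    "user": "QSECOFR",
    "job": "QPADEV0001",
    "remote_ip": "10.0.0.25",
    "message": "Invalid password|attempt=3",   # contains '|' and '=' on purpose to show escaping
}

MAX_RFC3164_BYTES = 1024   # RFC 3164 section 4.1: a packet must not exceed 1024 bytes


def rfc3164_line(event, hostname="IBMI01", facility=4, severity=4):
    """Render as '<PRI>Mmm dd hh:mm:ss HOST TAG: CONTENT' (facility 4 = auth, severity 4 = warning)."""
    pri = facility * 8 + severity
    ts = event["timestamp"]
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"   # day is space-padded, e.g. 'Mar  5'
    content = (f"type={event['entry_type']} user={event['user']} job={event['job']} "
               f"src={event['remote_ip']} msg={event['message']}")
    line = f"<{pri}>{stamp} {hostname} QAUDJRN: {content}"
    # Relays may silently drop oversize packets, so truncate deterministically on the sender.
    return line.encode("ascii", "replace")[:MAX_RFC3164_BYTES].decode("ascii")


def _cef_header(value):
    """CEF header fields escape backslash and pipe."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(value):
    """CEF extension values escape backslash, equals sign and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def cef_line(event, vendor="ExampleVendor", product="ExampleAgent", version="1.0"):
    """Render as CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension."""
    header = "|".join(_cef_header(v) for v in
                      (vendor, product, version, event["entry_type"], event["message"], 5))
    ext = {
        "rt": int(event["timestamp"].timestamp() * 1000),   # receipt time in epoch milliseconds
        "suser": event["user"],
        "src": event["remote_ip"],
        "cs1Label": "job", "cs1": event["job"],
        "msg": event["message"],
    }
    extension = " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"
```

Both renderers return plain strings, so the same event can be handed to whichever collector input the SIEM exposes.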
Alliance LogAgent is compatible with all major log collection servers and SIEM solutions, and is an affordable solution for small organizations. View our webinar "IBM i Logging for Compliance and SIEM Integration" to learn more about meeting compliance regulations and sending logs to any SIEM.
Patrick