Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Raz-Lee ISecurity to Communicate with JSA

 

To collect security, compliance, and audit events, configure your Raz-Lee iSecurity installation to forward Log Event Extended Format (LEEF) syslog events to JSA.

  1. Log in to the IBM® System i® command-line interface.
  2. From the command line, type STRAUD to access the Audit menu options.
  3. From the Audit menu, select 81. System Configuration.
  4. From the iSecurity/Base System Configuration menu, select 32. SIEM 1.
  5. Configure the 32.SIEM 1 parameter values.
  6. From the iSecurity/Base System Configuration menu, select 31. Main Control.
  7. Configure the 31. Main Control parameter values.
  8. From the command line, to configure the Firewall options, type STRFW to access the menu options.
  9. From the Firewall menu, select 81. System Configuration.
  10. From the iSecurity (part 1) Global Parameters: menu, select 72. SIEM 1.
  11. Configure the 72.SIEM 1 parameter values.
  12. From the iSecurity (part 1) Global Parameters: menu, select 71. Main Control.
  13. Configure the 71. Main Control parameter values.

Syslog LEEF events that are forwarded by Raz-Lee iSecurity are automatically discovered by the JSA DSM for IBM® AS/400® iSeries. In most cases, the log source is automatically created in JSA after a few events are detected.

If the event rate is low, you can manually configure a log source for Raz-Lee iSecurity in JSA. Until the log source is automatically discovered and identified, the event type displays as Unknown on the Log Activity tab. View automatically discovered log sources on the Admin tab by clicking the Log Sources icon.