Configuring Raz-Lee ISecurity
To collect security and audit events, you must configure your Raz-Lee iSecurity installation to forward syslog events to JSA.
- Log in to the IBM® System i® command-line interface.
- Type the following command to access the audit menu options:
- From the Audit menu, select 81. System Configuration.
- From the iSecurity/Base System Configuration menu, select 31. SYSLOG Definitions.
- Configure the following parameters:
Send SYSLOG message - Select Yes.
Destination address— Type the IP address of JSA.
"Facility" to use— Type a facility level.
"Severity" range to auto send - Type a severity level.
Message structure— Type any additional message structure parameters that are needed for your syslog messages.
Syslog events that are forwarded by Raz-Lee iSecurity are automatically discovered by JSA by the IBM® AS/400® iSeries DSM. In most cases, the log source is automatically created in JSA after a few events are detected. If the event rate is low, then you might be required to manually create a log source for Raz-Lee iSecurity in JSA.
Until the log source is automatically discovered and identified, the event type displays as Unknown on the Log Activity tab of JSA. Automatically discovered log sources can be viewed on the Admin tab of JSA by clicking the Log Sources icon.