The JSA SIFT-IT DSM accepts syslog events, formatted as Log Event Extended Format (LEEF), from Arpeggio SIFT-IT running on IBM iSeries.
JSA supports events from Arpeggio SIFT-IT 3.1 and later installed on IBM iSeries version 5 revision 3 (V5R3) and later.
Arpeggio SIFT-IT supports syslog events from the journal QAUDJRN in LEEF format, as in the following sample event:
Jan 29 01:33:34 RUFUS LEEF:1.0|Arpeggio|SIFT-IT|3.1|PW_U|sev=3 usrName=ADMIN src=100.100.100.114 srcPort=543 jJobNam=QBASE jJobUsr=ADMIN jJobNum=1664 jrmtIP=100.100.100.114 jrmtPort=543 jSeqNo=4755 jPgm=QWTMCMNL jPgmLib=QSYS jMsgId=PWU0000 jType=U jUser=ROOT jDev=QPADEV000F jMsgTxt=Invalid user id ROOT. Device QPADEV000F.
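The following Python parser is an added example, not code from JSA or SIFT-IT. It splits the sample event above into its LEEF header and attributes, which is useful when checking what a rule set actually forwards. It assumes the attributes are separated by spaces or tabs as the sample appears on this page, so a value such as jMsgTxt that itself contains spaces is kept whole; the names parse_leef, SAMPLE, HEADER_FIELDS and KEY_RE are illustrative.

```python
import re

# Sample event copied from this page (space-delimited as shown there).
SAMPLE = (
    "Jan 29 01:33:34 RUFUS LEEF:1.0|Arpeggio|SIFT-IT|3.1|PW_U|sev=3 "
    "usrName=ADMIN src=100.100.100.114 srcPort=543 jJobNam=QBASE "
    "jJobUsr=ADMIN jJobNum=1664 jrmtIP=100.100.100.114 jrmtPort=543 "
    "jSeqNo=4755 jPgm=QWTMCMNL jPgmLib=QSYS jMsgId=PWU0000 jType=U "
    "jUser=ROOT jDev=QPADEV000F "
    "jMsgTxt=Invalid user id ROOT. Device QPADEV000F."
)

# LEEF 1.0 header: LEEF:version|vendor|product|product version|event ID|
HEADER_FIELDS = ("leef_version", "vendor", "product", "version", "event_id")

# An attribute starts at a word followed directly by '=', at the start of
# the attribute section or after a space/tab. Assumption: no value contains
# the pattern " word=", which would otherwise be read as a new key.
KEY_RE = re.compile(r"(?:^|[ \t])(\w+)=")


def parse_leef(line):
    """Return a dict with the syslog prefix, LEEF header fields and attrs."""
    prefix, marker, body = line.partition("LEEF:")
    if not marker:
        raise ValueError("not a LEEF event")
    parts = body.split("|", 5)
    if len(parts) != 6:
        raise ValueError("LEEF 1.0 header needs 5 pipe-delimited fields")
    event = dict(zip(HEADER_FIELDS, parts[:5]))
    event["syslog_prefix"] = prefix.strip()

    raw = parts[5]
    matches = list(KEY_RE.finditer(raw))
    attrs = {}
    # Each value runs from the end of its key to the start of the next key,
    # so embedded spaces (as in jMsgTxt) stay inside the value.
    for cur, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(raw)
        attrs[cur.group(1)] = raw[cur.end():end].strip()
    event["attrs"] = attrs
    return event


if __name__ == "__main__":
    parsed = parse_leef(SAMPLE)
    print(parsed["event_id"], parsed["attrs"]["src"], parsed["attrs"]["jMsgTxt"])
```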
The events that SIFT-IT sends to JSA are determined by a configuration rule set file. SIFT-IT includes a default configuration rule set file that you can edit to meet your security or auditing requirements. For more information about configuring rule set files, see your SIFT-IT User Guide.